CVE-2025-60869
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-10-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| publii | cms | 0.46.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60869 is a persistent Cross-Site Scripting (XSS) vulnerability in Publii CMS version 0.46.5 (build 17089). It occurs because certain configuration fields, such as 'Site Description' and social media link fields in the footer, do not properly sanitize or validate user input. An attacker with write access to these fields can inject malicious JavaScript code, which is then stored and embedded into the generated static site. When visitors view the affected site and interact with infected elements like social media buttons, the malicious script executes in their browsers. [2]
How can this vulnerability impact me? :
This vulnerability can lead to high confidentiality and integrity risks. The injected JavaScript can execute arbitrary actions in the browsers of site visitors, such as stealing cookies or session tokens, performing phishing attacks, keylogging, or loading malicious external resources. This compromises user data and trust. However, availability of the site is not affected. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the configuration fields in the Publii CMS admin panel, specifically the "Site Description" and social media link fields under theme -> custom settings -> footer. Look for any injected JavaScript code such as <script> tags in these fields. Additionally, you can examine the generated static site HTML files for embedded malicious scripts in the footer section. There are no specific network commands provided, but manual inspection or automated scanning of these configuration fields and generated HTML files for suspicious script tags is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting write access to the configuration fields to trusted users only, as the vulnerability requires admin panel access to inject malicious code. Review and sanitize all inputs in the configuration fields to ensure no executable JavaScript can be saved. If possible, update or patch Publii CMS to a version that properly validates and sanitizes these inputs. Additionally, manually remove any suspicious scripts found in the configuration fields or generated HTML files to prevent execution in visitors' browsers. [2]