CVE-2025-32999

MEDIUM

a-blog cms 3.0.0-3.0.46 - Authenticated Stored Cross-Site Scripting in Entry Editing Screen

Title source: llm
STIX 2.1

Description

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0022
EPSS Percentile 12.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
appleple/a-blog_cms 3.0.0 - 3.0.47
Published May 19, 2025
Tracked Since Feb 18, 2026