CVE-2025-44024
MEDIUMPichome < 2.1.0 - Cross-Site Scripting via Login Form Input
Title source: llmDescription
Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process
References (1)
Core 1
Core References
Issue Tracking
https://github.com/zyx0814/Pichome/issues/50
Scores
CVSS v3
6.1
EPSS
0.0019
EPSS Percentile
9.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Published
May 14, 2025
Tracked Since
Feb 18, 2026