CVE-2025-44024

MEDIUM

Pichome < 2.1.0 - Cross-Site Scripting via Login Form Input

Title source: llm
STIX 2.1

Description

Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published May 14, 2025
Tracked Since Feb 18, 2026