CVE-2025-52367

MEDIUM

PivotX - XSS

Title source: rule

Description

Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.

Exploits (2)

exploitdb WORKING POC
by HayToN · text · webapps · multiple
https://www.exploit-db.com/exploits/52361
metasploit WORKING POC EXCELLENT
by HayToN, msutovsky-r7 · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pivotx_index_php_overwrite.rb

Scores

CVSS v3 5.4
EPSS 0.7001
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
pivotx/pivotx 3.0.0 rc3
Published Sep 22, 2025
Tracked Since Feb 18, 2026