Reflected Cross Site Scripting Vulnerability in Phoenix Site CMS by Phoenix
CVE-2025-40727

5.1MEDIUM

Key Information:

Vendor: Phoenix Bv
Status: Phoenix Cms
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-40727?

A reflected Cross Site Scripting (XSS) vulnerability exists in the '/search' endpoint of Phoenix Site CMS. This flaw enables remote attackers to execute arbitrary code by crafting a malicious GET request that exploits the 's' parameter. When the victim accesses a specially crafted URL, the vulnerability can lead to unauthorized actions or compromises within the web application, connecting to significant security risks.

Affected Version(s)

Phoenix CMS all versions

References

https://www.incibe.es/en/incibe-cert/notices/aviso/reflec...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Gonzalo Aguilar Garcia (6h4ack)

Phoenix Bv

What is CVE-2025-40727?

Affected Version(s)

References

CVSS V4

Timeline

Credit