Cross-Site Scripting Vulnerability in Cotonti Siena by Cotonti
CVE-2025-44115

5.4MEDIUM

Key Information:

Vendor: Cotonti
Status: Cotonti Siena
Vendor: CVE Published:; 2 June 2025

What is CVE-2025-44115?

A cross-site scripting (XSS) vulnerability exists in Cotonti Siena v0.9.25, specifically affecting the /admin.php?m=config&n=edit&o=core&p=title file. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and session authentication. The vulnerability arises from improper handling of user input, particularly in the title parameter, which can be manipulated to execute arbitrary scripts in the context of the user’s browser.

References

https://github.com/Cotonti/Cotonti/issues/1650

https://github.com/Cotonti/Cotonti/issues/1834

https://gist.github.com/yA0-Z/9666b1a333607381ab8dfcc137f...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2025
Vulnerability Reserved
Apr 22, 2025

CVE-2025-44115 Data

JSON