Stored XSS Vulnerability in NotesCMS Affecting Remote Services
CVE-2025-52035
Currently unrated
What is CVE-2025-52035?
A stored XSS vulnerability exists in NotesCMS, specifically affecting the /index.php?route=notes page. This security flaw allows an attacker to manipulate the content of service titles, potentially leading to malicious script execution when the affected page is loaded by users. The vulnerability was identified in the source code as of May 8, 2024, and poses a risk as it can be exploited remotely. The issue was subsequently addressed in a later commit on March 31, 2025, providing a crucial update for users to secure their applications.