Stored XSS Vulnerability in NotesCMS by PrivateAccount
CVE-2025-52037
Currently unrated
What is CVE-2025-52037?
A vulnerability in NotesCMS allows stored cross-site scripting (XSS) in service descriptions via the /index.php?route=sites page. The vulnerability is remotely exploitable and was confirmed present in the source code from commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 as of May 8, 2024. It was subsequently addressed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea on March 31, 2025. Exploitation enables attackers to manipulate content and potentially compromise user data.