Stored XSS Vulnerability in NotesCMS by PrivateAccount
CVE-2025-52037
6.1 MEDIUM
What is CVE-2025-52037?
A vulnerability in NotesCMS allows for stored cross-site scripting (XSS) in the service descriptions via the /index.php?route=sites page. This vulnerability is exploitable remotely and was confirmed present in the source code from commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 as of May 8, 2024. It was subsequently addressed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea on March 31, 2025. Exploitation of this vulnerability enables attackers to manipulate content and potentially compromise user data.

CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
