Reflected Cross Site Scripting Vulnerability in FoxCMS by FoxCMS
CVE-2025-55420

8.8 HIGH

Key Information:

Vendor: FoxCMS

Status
Vendor
CVE Published: 21 August 2025

What is CVE-2025-55420?

A reflected cross-site scripting (XSS) vulnerability exists in FoxCMS v1.2.6, specifically in the /index.php file. It allows attackers to inject crafted scripts through GET requests. The unsanitized input is reflected in the HTML response, so arbitrary JavaScript code executes in the context of a logged-in user. This can potentially lead to unauthorized access to and manipulation of user data, which highlights the importance of input validation and sanitization in web applications. For more details, visit the reference link.

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved