Cross-Site Scripting Vulnerability in FluentCMS by Fluent
CVE-2025-67349

6.1MEDIUM

Key Information:

Vendor: Fluent
Status: FluentCMS
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-67349?

A cross-site scripting (XSS) vulnerability exists in FluentCMS version 1.2.3, where improper input sanitization in the 'Add Page' feature allows attackers with admin access to inject arbitrary scripts in the section. This may lead to unauthorized actions or data exposure, increasing the need for timely remediation.

References

https://github.com/fluentcms/FluentCMS/issues/2403

https://github.com/eoniboogie/CVE_Disclosures/blob/main/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Dec 8, 2025

JSON