PT-2025-21236 · Pichome · Pichome

Published: 2025-05-14 · Updated: 2025-05-14 · CVE-2025-44024
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pichome system versions prior to 2.1.0
Description: A Cross-Site Scripting (XSS) issue was found due to insufficient sanitization of user input in the login form. This allows an attacker to inject malicious JavaScript code into the username or password fields during the login process.
Recommendations: For versions prior to 2.1.0, update to a version that includes proper sanitization of user input in the login form to prevent XSS attacks. As a temporary workaround, consider validating and sanitizing user input for the username and password fields to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-44024

Affected Products: Pichome