PT-2025-22652 · Dobrycms · Dobrycms
Kamil Szczurowski +1 · Published 2025-05-23 · Updated 2025-05-23 · CVE-2025-4379
CVSS v4.0: 5.1 Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
DobryCMS versions 2.* and lower
Description
The issue is related to Reflected Cross-Site Scripting (XSS) due to improper input validation in the `szukaj` parameter. This allows arbitrary JavaScript to be executed on a victim's browser when a specially crafted URL is opened.
Recommendations
For DobryCMS versions 2.* and lower, apply the hotfix released on 29.04.2025 to remove the vulnerability. As a temporary workaround, consider restricting access to the `szukaj` parameter to minimize the risk of exploitation.
Fix
XSS
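One way to apply the temporary workaround from the recommendations and to review existing logs, as an added example that is not DobryCMS code or part of the hotfix: an allowlist check for `szukaj` values, run over constructed access-log lines. The allowlist pattern, the log format and the request paths are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: legitimate search terms are letters, digits, whitespace and a
# little punctuation, at most 100 characters. Tune to the site's real traffic.
ALLOWED = re.compile(r"[\w\s.,\-]{0,100}")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def szukaj_allowed(value):
    """True when the decoded szukaj value matches the allowlist."""
    return ALLOWED.fullmatch(fully_decode(value)) is not None

def flag_requests(log_lines):
    """Return (client, decoded value) for requests whose szukaj fails the allowlist."""
    hits = []
    for line in log_lines:
        m = re.match(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == "szukaj" and not szukaj_allowed(value):
                hits.append((client, fully_decode(value)))
    return hits

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2025:10:00:00 +0000] "GET /?szukaj=rower+g%C3%B3rski HTTP/1.1" 200 512',
    '192.0.2.11 - - [23/May/2025:10:00:05 +0000] "GET /?szukaj=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 498',
    '192.0.2.12 - - [23/May/2025:10:00:09 +0000] "GET /?szukaj=%253Ci%253Etest%253C%252Fi%253E HTTP/1.1" 200 498',
    '192.0.2.13 - - [23/May/2025:10:00:12 +0000] "GET /kontakt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, value in flag_requests(SAMPLE_LOG):
        print(client, repr(value))
```

The same `szukaj_allowed` check can back a reverse-proxy or WAF rule that rejects non-matching requests until the hotfix is applied.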
Affected Products
Dobrycms