CVE-2025-55420

Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6

Description: A Reflected Cross Site Scripting (XSS) vulnerability exists in the /index.php endpoint of the software. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response, allowing for the execution of arbitrary JavaScript code when a logged-in user submits the malicious input.

Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, sanitize all user inputs before processing them to prevent the injection of malicious scripts.