PT-2025-37460 · Ibuyucms · Ibuyucms
Komorebi
·
Published
2025-09-15
·
Updated
2025-09-15
·
CVE-2025-10434
CVSS v2.0
3.3
Low
| Vector | AV:N/AC:L/Au:M/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IbuyuCMS versions up to 2.6.3
Description
A vulnerability exists in IbuyuCMS that allows for cross site scripting. The issue is located in the Add Article Page component, specifically within the file
/admin/article.php?a=mod. Manipulation of the Title argument can trigger the vulnerability. The exploit is publicly available.Recommendations
Update IbuyuCMS to a version later than 2.6.3.
Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibuyucms