CVE-2025-14722

CVSS v2.0

3.3

Low

Vector

AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions vion707 DMadmin versions prior to 3403cafdb42537a648c30bf8cbc8148ec60437d1

Description A cross-site scripting issue exists in vion707 DMadmin. The issue is located in the Add function of the Admin/Controller/AddonsController.class.php file within the Backend component. Remote manipulation can trigger the issue. The exploit has been publicly disclosed.

Recommendations Update vion707 DMadmin to version 3403cafdb42537a648c30bf8cbc8148ec60437d1 or later. As a temporary workaround, consider restricting access to the Add function within the Admin/Controller/AddonsController.class.php file.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-14722

Affected Products

Vion707 Dmadmin

CVE-2025-14722

Weakness Enumeration

Related Identifiers

Affected Products

References · 7