CVE-2025-1105

Name of the Vulnerable Software and Affected Versions SiberianCMS version 4.20.6

Description A problem was found in SiberianCMS, affecting some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. This leads to cross-site scripting. The attack can be launched remotely. The issue has been disclosed publicly.

Recommendations As a temporary workaround, consider restricting access to the /app/sae/design/desktop/flat file until a patch is available. Avoid using the HTTP GET Request Handler component in SiberianCMS version 4.20.6 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.