CVE-2025-10710 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 20250831 /index.php Name cross site scripting

A vulnerability, which was classified as problematic, has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting.

This vulnerability is tracked as CVE-2025-10710. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10710 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 20250831 /index.php Name cross site scripting

Post correlati

CVE-2021-47082 | Linux Kernel up to 4.19.279/5.4.239/5.10.135/5.15.11 tun lib/dump_stack.c tun_free_netdev double free

CVE-2024-55633 | Apache Superset up to 4.0.x Postgres Analytic Database improper authorization

CVE-2024-7861 | Misiek Paypal Plugin up to 1.1.20090324 on WordPress cross-site request forgery

CVE-2023-6219 | BookingPress Plugin up to 1.0.76 on WordPress unrestricted upload