CVE-2025-12920 | qianfox FoxCMS up to 1.2.16 Product.php add/edit Title cross site scripting

A vulnerability was found in qianfox FoxCMS up to 1.2.16. It has been rated as problematic. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting.

The identification of this vulnerability is CVE-2025-12920. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12920 | qianfox FoxCMS up to 1.2.16 Product.php add/edit Title cross site scripting

Post correlati

CVE-2024-9916 | HuangDou UTCMS V9 cli.php o os command injection

CVE-2021-46918 | Linux Kernel up to 5.11.15 idxd permission (c84b8982d7aa/6df0e6c57dfc)

CVE-2023-46156 | Siemens SIMATIC Drive Controller CPU 1504D TF Packets use after free (ssa-280603)

CVE-2025-62254 | Liferay Portal/DXP ComboServlet path traversal