CVE-2025-11306 🟡 Medium

CVE-2025-11306: Cross Site Scripting in FoxCMS

A vulnerability in qianfox FoxCMS up to 1.2 allows remote cross site scripting through manipulation of the keyword argument in the Search Page component.

CVE ID

CVE-2025-11306

CVSS Score

4.3

Vendor

unknown

Published

Oct 05

A vulnerability was found in qianfox FoxCMS up to version 1.2. It affects a part of the file /index.php/Search in the Search Page component. The manipulation of the argument keyword can result in cross site scripting, which can be executed remotely. The exploit is publicly available, and the vendor was contacted for disclosure without any response.

Vulnerability Details

CVE ID: CVE-2025-11306
Severity: Medium
CVSS v3 Score: 4.3 / 10.0
Affected Vendor: unknown
Publication Date: October 05, 2025

External Resources

NIST NVD Database
MITRE CVE

Need Help?

Protect your infrastructure with our comprehensive security scanning tools.

Explore Security Scanners

Back to CVE Database