CVE-2025-25203
CVE-2025-25203
Título es
CVE-2025-25203
Mar, 11/02/2025 – 23:15
Tipo
CWE-79
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-25203
Descripción en
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket creation and unsafe rendering of this field in the moderator panel. Version 1.0 contains a patch for the issue.
12/02/2025
12/02/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
8.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
