CVE-2025-14244 | THREATINT

Description

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-08 | Updated 2025-12-08 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

LOW: 2.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

LOW: 2.4CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

3.3AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Timeline

2025-12-08:	Advisory disclosed
2025-12-08:	VulDB entry created
2025-12-08:	VulDB entry last update

Credits

b1uel0n3 (VulDB User) reporter

References

vuldb.com/?id.334754 (VDB-334754 | GreenCMS Menu Management CustomController.class.php cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.334754 (VDB-334754 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.702435 (Submit #702435 | GreenCMS 2.3.0603 CWE-79 - Cross-site Scripting) third-party-advisory

gist.github.com/b1uel0n3/83f9965b3499a2abfee30c77458f718a exploit

cve.org (CVE-2025-14244)

nvd.nist.gov (CVE-2025-14244)

Download JSON