CVE-2025-2133: ftcms edit cross site scripting
First published: Sun Mar 09 2025(Updated: )
A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ftcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2133?
CVE-2025-2133 is classified as a problematic vulnerability.
How do I fix CVE-2025-2133?
To fix CVE-2025-2133, ensure to sanitize and validate user input to mitigate cross-site scripting vulnerabilities.
What types of attacks can be executed through CVE-2025-2133?
CVE-2025-2133 allows for remote cross-site scripting attacks through manipulation of the 'title' argument.
Which software is affected by CVE-2025-2133?
CVE-2025-2133 affects the ftcms version 2.1 software.
Can CVE-2025-2133 be exploited remotely?
Yes, CVE-2025-2133 can be exploited remotely, making it a significant security risk.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/ftcms
- canonical/ftcms