cvelist/2025/4xxx/CVE-2025-4379.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2025-4379",
        "ASSIGNER": "cvd@cert.pl",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened.\n\nA hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
                        "cweId": "CWE-79"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Studio Fabryka",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "DobryCMS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "0",
                                            "version_value": "2.*"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://cert.pl/posts/2025/05/CVE-2025-4379",
                "refsource": "MISC",
                "name": "https://cert.pl/posts/2025/05/CVE-2025-4379"
            },
            {
                "url": "https://cert.pl/en/posts/2025/05/CVE-2025-4379",
                "refsource": "MISC",
                "name": "https://cert.pl/en/posts/2025/05/CVE-2025-4379"
            },
            {
                "url": "https://studiofabryka.pl/Systemy_CMS.html",
                "refsource": "MISC",
                "name": "https://studiofabryka.pl/Systemy_CMS.html"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Kamil Szczurowski"
        },
        {
            "lang": "en",
            "value": "Robert Kruczek"
        }
    ]
}