CVE-2025-14244

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-14244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14244
Published
2025-12-08T12:16:03.240Z
Modified
2026-03-14T15:01:52.403645Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/greencms/greencms

Affected ranges

Type
GIT
Repo
https://github.com/greencms/greencms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c2f73d2e2b03d8a34b9132cb4a904acb75eb5e28
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0603"
        }
    ]
}

Affected versions

v2.*
v2.3.0101
v2.3.0215
v2.3.0603

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14244.json"