CVE-2025-14244

Source
https://cve.org/CVERecord?id=CVE-2025-14244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-14244
Published
2025-12-08T12:02:05.891Z
Modified
2026-07-08T07:50:12.317116868Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GreenCMS Menu Management CustomController.class.php cross site scripting
Details

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.3.0603"
                },
                {
                    "last_affected": "2.3.0603"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14244.json",
    "cwe_ids": [
        "CWE-79",
        "CWE-94"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/greencms/greencms

Affected ranges

Type
GIT
Repo
https://github.com/greencms/greencms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:njtech:greencms:2.3.0603:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.3.0603"
        },
        {
            "last_affected": "2.3.0603"
        }
    ]
}

Affected versions

2.*
2.3.0603
v2.*
v2.3.0603

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14244.json"