CVE-2025-25203

Source
https://cve.org/CVERecord?id=CVE-2025-25203
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25203.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25203
Aliases
  • GHSA-2q43-grv2-jxwh
Published
2025-02-11T22:47:43.890Z
Modified
2026-04-10T05:24:21.422733Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Ctrlpanel has stored XSS vulnerability in TicketsController priority field
Details

CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering of this field in the moderator panel. Version 1.0 contains a patch for the issue.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/25xxx/CVE-2025-25203.json"
}
References

Affected packages

Git / github.com/ctrlpanel-gg/panel

Affected ranges

Type
GIT
Repo
https://github.com/ctrlpanel-gg/panel
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25203.json"