GHSA-657c-wxg6-jmqv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-657c-wxg6-jmqv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-657c-wxg6-jmqv/GHSA-657c-wxg6-jmqv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-657c-wxg6-jmqv
- Aliases
-
- CVE-2025-63644
- Published
- 2026-01-14T18:31:37Z
- Modified
- 2026-02-03T03:11:10.676210Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability
- Details
-
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2026-01-22T18:04:53Z", "nvd_published_at": "2026-01-14T18:16:41Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-63644
- https://drive.google.com/drive/folders/1mYDvUTnlTPCGTB-7tHD3pmu_wHtlMVRP
- https://github.com/pH7Software/pH7-Social-Dating-CMS
- https://medium.com/@rudranshsinghrajpurohit/cve-2025-63644-stored-cross-site-scripting-xss-vulnerability-in-ph7-social-dating-cms-23ed0e7eb853
Affected packages
Packagist / ph7software/ph7builder
Package
- Name
- ph7software/ph7builder
- Purl
- pkg:composer/ph7software/ph7builder
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected17.9.1
Affected versions
1.*
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.4.1
1.4.2
2.*
2.0.4
2.0.8
2.0.9
3.*
3.0.0
3.1.0
4.*
4.0.0
5.*
5.0.0
6.*
6.0.0
6.0.1
6.0.8
6.0.9
6.0.13
7.*
7.0.0
7.0.01
7.1.3
8.*
8.0.2
8.0.3
8.0.4
8.0.6
10.*
10.0.8
10.2.0
12.*
12.0.0
12.1.0
12.1.2
12.3.0
12.3.5
12.5.9
12.6.0
12.6.1
12.6.5
12.9.0
12.9.7
12.9.8
12.9.9
14.*
14.0.0-rc
14.0.0-rc2
14.0.0-rc3
14.0.0
14.3.0
14.3.4-rc
14.3.4
14.3.6
14.7.0
14.8.0
14.8.8-rc
14.8.8-rc2
14.8.8
14.8.9
14.9.0-rc
14.9.0-rc2
14.9.0
15.*
15.0.0-beta1
15.0.0-beta2
15.0.0-beta3
15.0.0-rc
15.0.0
15.1.0-beta
15.1.0-rc
15.1.0-rc2
15.1.0
15.1.6
15.1.7
15.1.8
15.2.0
15.3.0-rc.1
15.3.0-rc.2
15.3.0-rc.3
15.3.0
15.4.0-beta.1
15.4.0-beta.2
15.4.0
16.*
16.0.0-beta.1
16.0.0-beta.2
16.0.0-rc.1
16.0.0-rc.2
16.0.0-rc.3
16.0.0
16.0.2-beta.1
16.1.0-beta.1
16.1.0
16.1.1
16.2.0-beta.1
16.2.0
16.2.2
16.3.0-beta.1
16.3.0
16.3.2
16.5.0.beta.1
v17.*
v17.0.0-beta.2
v17.0.0
v17.9.0
v17.9.1-beta.1
v17.9.1
17.*
17.0.0-beta.3
17.0.1
17.1.0
17.1.2
17.1.8.beta.1
17.1.8.beta.2
17.1.8
17.2.0-beta.1
17.2.0-rc.1
17.2.0-rc.2
17.2.0