CVE Catalog

CVE-2025-52206

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. This allows an attacker to inject malicious scripts into the administrator's browser.

Risk Assessment

An attacker could hijack the admin session, steal credentials, or perform unauthorized actions in the hosting management panel.

Recommendation

Immediately update ISPConfig to the latest version and apply input filtering for data displayed on the system status page.

Original NVD description (English source)

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS