CVE Catalog
CVE-2025-60837
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile - higher than 8% of all known CVEs
Summary
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
Risk Assessment
An attacker can hijack user sessions, steal credentials, or perform other malicious actions within the victim's browser context.
Recommendation
Update MCMS to the latest patched version immediately. Until then, validate and sanitize all user inputs.
Original NVD description (English source)
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

