VDB
CVE-2025-3970
CVE-2025-3970
PUBLISHED
CVSS 5.099999904632568 MEDIUM
A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
EPSS 0.15% · 34.9th percentile
Risk Scores
CVSS v4.0
5.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.15%
34.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| baseweb | JSite | 1.0 |
| jsite | jsite | 0 |
Timeline
- Apr 27, 2025 Coalition ESS Score
- Apr 27, 2025 CVE Published
- Apr 27, 2025 PoC Published
- Apr 27, 2025 PoC Published
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 Coalition ESS Score
- Apr 29, 2025 Coalition ESS Score
- May 10, 2025 EPSS Score
- May 12, 2025 Coalition ESS Score
- May 22, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
References
- VDB-306306 | baseweb JSite save cross site scripting vdb
- VDB-306306 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #557385 | Vendor JSite 1.0 Stored Cross-Site Scripting Attack third-party-advisory
- https://github.com/caigo8/CVE-md/blob/main/JSite/XSS2.md exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-3970 advisory