What is CVE-2025-12224 — XSS in php-business-website?

CVE-2025-12224 is a cross-site scripting (XSS) vulnerability in php-business-website versions up to 10677743a8dfc281f85291a27cf63a0bce043c24, allowing attackers to inject malicious scripts.

Am I affected by CVE-2025-12224 in php-business-website?

You are affected if you are using php-business-website versions prior to 10677743.0.1 and have not implemented mitigating controls.

How do I fix CVE-2025-12224 in php-business-website?

Upgrade to php-business-website version 10677743.0.1 or later. Implement input validation and output encoding as a temporary workaround.

Is CVE-2025-12224 being actively exploited?

A public proof-of-concept exists, suggesting a potential for active exploitation.

Where can I find the official php-business-website advisory for CVE-2025-12224?

Contact the vendor directly for the official advisory, as specific version information is not readily available due to the rolling release model.

CVE-2025-12224 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-12224 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• php: Examine the admin/contact.php file for unsanitized use of the twitter parameter. Search for instances where user input is directly outputted without proper encoding. • web: Monitor access logs for requests to admin/contact.php containing suspicious URL parameters or JavaScript code. • generic web: Use a WAF to detect and block XSS payloads targeting the admin/contact.php endpoint. Look for patterns like <script> tags or javascript: URLs in requests.

grep -i '<script' /var/log/apache2/access.log

Iqbolshoh php-business-website contact.php cross site scripting

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-12224 — XSS in php-business-website?

Am I affected by CVE-2025-12224 in php-business-website?

How do I fix CVE-2025-12224 in php-business-website?

Is CVE-2025-12224 being actively exploited?

Where can I find the official php-business-website advisory for CVE-2025-12224?

Seu projeto está afetado?