CVE-2025-14244 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-14244

CVE-2025-14244

December 08, 2025

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Related Resources (4)

https://vuldb.com/?ctiid.334754

https://gist.github.com/b1uel0n3/83f9965b3499a2abfee30c77458f718a

https://vuldb.com/?id.334754

https://vuldb.com/?submit.702435

Do you need more information?

CVSS v4

Base Score:

1.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Exploit Maturity

PROOF-OF-CONCEPT

CVSS v2

Base Score:

3.3

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

Exploitability

PROOF OF CONCEPT CODE

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Control of Generation of Code ('Code Injection')

CWE-94

EPSS

Base Score:

0.04

Products

Solutions

Resources

Company

Compare

Developer Tools