CVE-2025-1360

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Feb 16, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-1360 is a newly identified vulnerability affecting Internet Web Solutions Sublime CRM versions up to 20250207. This issue, classified as problematic, lies within the HTTP POST Request Handler component and an unknown function in the file /crm/inicio.php. The vulnerability stems from a cross-site scripting (XSS) weakness, which can be triggered remotely by manipulating the argument msg_to. Other parameters may also be susceptible to this exploit. Despite early disclosure, the vendor has yet to respond to contact regarding this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3ZSCT9
https://www.cve.org/CVERecord?id=CVE-2025-1360
https://nvd.nist.gov/vuln/detail/CVE-2025-1360

Back to Vulnerability Database

CVE-2025-1360

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations