CVE-2025-1548

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Feb 21, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-1548 is a newly disclosed cross-site scripting (XSS) vulnerability affecting the iteachyou Dreamer CMS version 4.1.3. The flaw, which is located in the /admin/archives/edit file, can be exploited by manipulating the editorValue/answer/content argument. This attack can be initiated remotely, allowing attackers to inject malicious scripts into a victim's browser. The vulnerability has been made public, increasing the risk of widespread exploitation. The vendor was notified of the disclosure but did not provide a response or patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lOhIq
https://www.cve.org/CVERecord?id=CVE-2025-1548
https://nvd.nist.gov/vuln/detail/CVE-2025-1548

Back to Vulnerability Database

CVE-2025-1548

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations