CVE-2025-9728

low-risk

Published 2025-08-31

A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is bbd4c42c66ab818142240348173a669d1d2537fe. Applying a patch is advised to resolve this issue.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Vvveb

Affected Vendors

Vvveb

References (8)

Patch https://github.com/givanz/Vvveb/commit/bbd4c42c66ab818142240348173a669d1d2537fe

Exploit https://github.com/givanz/Vvveb/issues/323

Exploit https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2

Permissions Required https://vuldb.com/?ctiid.322017

Third Party Advisory https://vuldb.com/?id.322017

Third Party Advisory https://vuldb.com/?submit.639704

Exploit https://github.com/givanz/Vvveb/issues/323

Exploit https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal