NAME OF AFFECTED PRODUCT(S)

• FoxCMS

Vendor Homepage

• https://www.foxcms.cn/

AFFECTED AND/OR FIXED VERSION(S)

Submitter

• LBJ

Vulnerable File

• /index.php

VERSION(S)

• V1.2.6

Software Link

• https://www.foxcms.cn/

PROBLEM TYPE

Vulnerability Type

• Reflected Cross-Site Scripting (XSS)

Root Cause

• The /index.php file improperly reflects user-supplied input back into the response HTML without sufficient sanitization or encoding. This allows arbitrary JavaScript to be injected and executed in the context of the user’s session

Impact

• This vulnerability allows an attacker to execute arbitrary JavaScript in the victim’s browser. Potential consequences include:
  • Session hijacking (e.g., cookie theft)
  • Credential compromise
  • Redirection to malicious sites
  • Browser-based attacks (e.g., phishing, CSRF chaining)
  • Full account takeover (if session is stolen)