{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T19:24:22.899","vulnerabilities":[{"cve":{"id":"CVE-2025-44024","sourceIdentifier":"cve@mitre.org","published":"2025-05-14T21:15:59.077","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An attacker can inject malicious JavaScript code into the username or password fields during the login process"},{"lang":"es","value":"Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) en el sistema Pichome v2.1.0 y versiones anteriores. Esta vulnerabilidad existe debido a una limpieza insuficiente de la información del usuario en el formulario de inicio de sesión. Un atacante puede inyectar código JavaScript malicioso en los campos de nombre de usuario o contraseña durante el proceso de inicio de sesión."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/zyx0814/Pichome/issues/50","source":"cve@mitre.org"},{"url":"https://github.com/zyx0814/Pichome/issues/50","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}