{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T15:13:44.150","vulnerabilities":[{"cve":{"id":"CVE-2025-50754","sourceIdentifier":"cve@mitre.org","published":"2025-08-04T21:15:30.400","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the \"Report\" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the template editor, upload and execute a PHP web shell on the server, leading to full remote code execution."},{"lang":"es","value":"Unisite CMS versión 5.0 contiene una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la función \"Report\". Un script malicioso enviado por un atacante se muestra en el panel de administración cuando lo visualiza un administrador. Esto permite a los atacantes secuestrar la sesión de administrador y, mediante el editor de plantillas, cargar y ejecutar un shell web PHP en el servidor, lo que provoca la ejecución remota completa de código."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/furk4nyildiz/CVE-2025-50754-PoC","source":"cve@mitre.org"},{"url":"https://github.com/furk4nyildiz/CVE-2025-50754-PoC","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}