CVE-2025-51487

Published
View on NVD ↗
CVSS v3
4.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article.

GiacoLenzo2109/MoonShine_Software_PoCs
GiacoLenzo2109/MoonShine_Software_PoCs
GitHubGitHub
moonshine-software/moonshine
moonshine-software/moonshine
Laravel Admin panel and more. Simple for beginners and powerful for experts. Using Blade, Alpine.js and Tailwind CSS.
GitHubGitHub
1.1K