{"id":63831,"date":"2025-08-09T21:36:39","date_gmt":"2025-08-09T21:36:39","guid":{"rendered":""},"modified":"2025-10-30T04:22:06","modified_gmt":"2025-10-30T10:22:06","slug":"cve-2025-50754-stored-cross-site-scripting-xss-vulnerability-leading-to-remote-code-execution-in-unisite-cms-5-0","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-50754-stored-cross-site-scripting-xss-vulnerability-leading-to-remote-code-execution-in-unisite-cms-5-0\/","title":{"rendered":"CVE-2025-50754: Stored Cross-Site Scripting (XSS) Vulnerability Leading to Remote Code Execution in Unisite CMS 5.0<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity landscape is no stranger to vulnerabilities that can potentially compromise systems and leak sensitive data. One such vulnerability is the CVE-2025-50754 that affects the Unisite CMS version 5.0. This vulnerability is a stored Cross-Site Scripting<\/a> (XSS) flaw found in the “Report” functionality of the CMS. The impact of this vulnerability is significant as it allows attackers to hijack the admin session and execute remote<\/a> code on the server. All users of Unisite CMS 5.0 are potentially at risk, making it imperative to understand the nature of this vulnerability and take swift actions<\/a> to mitigate it.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-50754
\nSeverity: Critical (9.6 CVSS Score)
\nAttack Vector: Stored Cross-Site Scripting<\/a> (XSS)
\nPrivileges Required: User level
\nUser Interaction: Required
\nImpact: Hijacking of admin session leading to full remote code execution<\/a> and potential system compromise<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n