CVE-2025-52169
Description
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A reflected XSS vulnerability in agorum core open v11.9.2 and v11.10.1 allows remote attackers to execute arbitrary JavaScript via crafted parameters.
Vulnerability
Overview
A reflected cross-site scripting (XSS) vulnerability exists in agorum core open, an enterprise content management (ECM) system from agorum Software GmbH. The issue, cataloged as CWE-79, stems from improper neutralization of user-supplied input during web page generation. Numerous endpoints across the application fail to sanitize or encode parameters before reflection in HTTP responses, indicating a systemic flaw in input handling [1].
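The advisory's payload starts with `");}`, which only makes sense if the parameter is reflected inside a JavaScript string literal within an inline script. The following Python is an added example, not agorum code: it uses an assumed stand-in template for such a JSP and contrasts raw substitution (the CWE-79 pattern) with JavaScript-string escaping, the context-appropriate encoder. `render_vulnerable`, `render_hardened`, `js_string_escape` and `script_breaks_out` are names chosen here; the payload itself is the one quoted in the Exploitation section below.

```python
"""Reflection into an inline <script> string literal: vulnerable vs. hardened.
Added example. TEMPLATE is an assumed stand-in for the affected JSP, not the
product's source; PAYLOAD is decoded from the advisory's query string."""
import urllib.parse

PAYLOAD = urllib.parse.unquote("%22);}alert(document.domain);%3C/script%3E")
# decodes to:  ");}alert(document.domain);</script>

# Assumed page shape: the request parameter lands inside a JS string literal
# that sits inside a function body, which is what the `");}` prefix targets.
TEMPLATE = '<script>\nfunction init() { beginSso("__USER__"); }\n</script>\n'


def render_vulnerable(user_name: str) -> str:
    """CWE-79: the value is pasted into the script with no context-aware encoding,
    so `");}` closes the literal and the function body, and the trailing
    `</script>` terminates the script element early."""
    return TEMPLATE.replace("__USER__", user_name)


def js_string_escape(value: str) -> str:
    """Escape a value for a JavaScript string literal: every character that is
    not ASCII alphanumeric becomes \\uXXXX (a surrogate pair above U+FFFF).
    The output contains no quote, backslash, '<', '/' or line terminator, so
    it can neither close the literal nor end the <script> element."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
            continue
        cp = ord(ch)
        if cp > 0xFFFF:
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}\\u{0xDC00 + (cp & 0x3FF):04x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def render_hardened(user_name: str) -> str:
    """Same template, value encoded for the JS-string context it lands in."""
    return TEMPLATE.replace("__USER__", js_string_escape(user_name))


def script_breaks_out(html: str) -> bool:
    """True when the reflected value managed to terminate the script element:
    the template contains exactly one </script>, so any other count means the
    attacker-controlled text escaped its string literal."""
    return html.count("</script>") != 1


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_hardened(PAYLOAD))
```

HTML entity encoding is the wrong tool for this context: browsers do not decode entities inside `<script>`, so `&quot;` would reach the JavaScript string as literal text and corrupt the value, while `\uXXXX` escapes are decoded by the JavaScript parser and preserve it. The same escaper must be applied in every inline-script reflection point, since the advisory describes the flaw as systemic across endpoints.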
Exploitation
Method
An attacker can exploit this vulnerability by crafting a malicious URL containing a JavaScript payload in a parameter such as userName. For example, the request GET /roiwebui/roiwebui_module/BeginSSOLogin.jsp?userName=%22);}alert(document.domain);%3C/script%3E causes the server to reflect the injected script back to the victim's browser, where it executes in the origin of the targeted site [1]. The shape of the payload shows where the value lands: the leading %22);} closes the string literal and the enclosing block in which userName is reflected, alert(document.domain) then runs as a statement of its own, and the trailing %3C/script%3E terminates the script element so that whatever follows the reflection point is discarded. The attack requires no authentication and can be delivered via social engineering (e.g., phishing links), though it does require the victim to open the crafted URL. A non-exhaustive list of affected endpoints includes OpenDocumentMessage.jsp, SSO.jsp, and SSOConvertToPdf.jsp, among many others [1].
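To confirm whether an instance still reflects the parameter unencoded without firing a JavaScript alert, a canary probe is enough: send a random token wrapped in the metacharacters that matter for HTML and JS-string contexts and classify how it comes back. The Python below is an added example, not agorum's code or part of the advisory. The only target it lists is the path and parameter quoted above; the other endpoints named in the advisory are not included because their parameter names are not given on this page. `fake_vulnerable_fetch` and `fake_fixed_fetch` are constructed stand-ins for an unpatched and a patched server so the script runs offline; `http_fetch` is the live fetcher and is never called here.

```python
"""Canary-based reflection check for the endpoint described above.
Added example; the two fake fetchers are constructed stand-ins, not real
agorum responses."""
import secrets
import urllib.parse
import urllib.request
from typing import Callable, Optional

# Documented target: path and parameter are the ones quoted in the advisory.
TARGETS = [("/roiwebui/roiwebui_module/BeginSSOLogin.jsp", "userName")]

# Metacharacters a safe reflection must neutralise in an HTML or JS-string
# context; the random token lets us locate the probe in the response body.
META = '"<>'


def make_probe(token: Optional[str] = None) -> tuple:
    """Return (token, probe). The probe is the token wrapped in META, so a
    byte-for-byte reflection of the whole probe proves nothing was encoded."""
    token = token or "c" + secrets.token_hex(6)
    return token, f"{META}{token}{META}"


def build_probe_url(base: str, path: str, param: str, probe: str) -> str:
    """Percent-encode the probe into the query string of the target path."""
    query = urllib.parse.urlencode({param: probe})
    return urllib.parse.urljoin(base, path) + "?" + query


def classify(body: str, token: str, probe: str) -> str:
    """'raw'     : probe reflected verbatim, i.e. an exploitable reflection
       'encoded' : token present but metacharacters were transformed
       'absent'  : the parameter is not reflected at all"""
    if probe in body:
        return "raw"
    if token in body:
        return "encoded"
    return "absent"


def http_fetch(url: str, timeout: float = 10.0) -> str:
    """Live fetcher; only use against systems you are authorised to test."""
    req = urllib.request.Request(url, headers={"User-Agent": "reflection-check"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def probe_targets(base: str, fetch: Callable[[str], str], targets=TARGETS) -> dict:
    """Probe each (path, param) once with a fresh token; map target -> verdict."""
    results = {}
    for path, param in targets:
        token, probe = make_probe()
        url = build_probe_url(base, path, param, probe)
        results[f"{path}?{param}"] = classify(fetch(url), token, probe)
    return results


# --- constructed stand-ins so the check can be exercised offline ----------
def _param_from_url(url: str, param: str) -> str:
    qs = urllib.parse.urlparse(url).query
    return urllib.parse.parse_qs(qs).get(param, [""])[0]


def fake_vulnerable_fetch(url: str) -> str:
    """Mimics the unfixed behaviour: parameter pasted into an inline script."""
    value = _param_from_url(url, "userName")
    return '<script>function init(){ beginSso("' + value + '"); }</script>'


def fake_fixed_fetch(url: str) -> str:
    """Mimics a fixed page: every non-alphanumeric character JS-escaped."""
    value = _param_from_url(url, "userName")
    esc = "".join(c if c.isalnum() else f"\\u{ord(c):04x}" for c in value)
    return '<script>function init(){ beginSso("' + esc + '"); }</script>'


if __name__ == "__main__":
    print(probe_targets("https://agorum.example", fake_vulnerable_fetch))
    print(probe_targets("https://agorum.example", fake_fixed_fetch))
```

A "raw" verdict means the response carries the quote and angle brackets back untouched, which is exactly the condition the advisory's `alert(document.domain)` payload relies on; an "encoded" verdict after updating is the evidence that the reflection point was actually fixed rather than merely hidden. Because the token is random per request, the same script can be run against a list of hosts without cross-contaminating results.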
Impact
Successful exploitation enables an attacker to execute arbitrary JavaScript in the victim's browser within the session context of the agorum core application. This could lead to session hijacking, credential theft, sensitive data exposure, or defacement of content. The CVSS v3.1 base score is 7.1 (High), reflecting the ease of exploitation and potential for significant harm [1].
Mitigation
Status
The vendor, agorum Software GmbH, acknowledged the vulnerability and has released fixes. The affected versions are v11.9.2 and v11.10.1; users should update to the latest patched version to remediate the issue. The advisory notes that the vulnerability was addressed prior to public disclosure [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
References (2)
News mentions
No linked articles in our index yet.