What is the CVSS score of CVE-2025-7713?

CVE-2025-7713 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Content Management System are affected by CVE-2025-7713?

A cross-site scripting (XSS) vulnerability in our Content Management System allows attackers to inject malicious code through HTTP headers, potentially compromising user sessions, stealing…

How to fix or mitigate CVE-2025-7713?

Within 24 hours: Identify all CMS instances in production and document their versions; notify business owners of affected systems and implement enhanced monitoring for suspicious HTTP header activity. Within 7 days: Deploy WAF rules to sanitize HTTP headers and block known XSS payloads; restrict CMS administrative access to whitelisted IP ranges; conduct security awareness training on phishing risks. Within 30 days: Contact vendor for patch timeline and interim updates; perform a code review of custom integrations; evaluate alternative CMS solutions if vendor cannot provide patch within 60 days.

Content Management System CVE-2025-7713

HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-01-29 iletisim@usom.gov.tr

XSS Content Management System

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 29, 2026 - 15:16 nvd

HIGH 7.5

DescriptionNVD

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Management System (CMS): through 21072025.

AnalysisAI

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Content Management System. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Management System (CMS): through 21072025.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-7713 vulnerability details – vuln.today

Back

Content Management System CVE-2025-7713

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code