Skip to main content

Drimo Cms

1 CVEs product

Monthly

CVE-2026-11772 MEDIUM Monitor

Reflected XSS in DRIMO CMS search functionality allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by tricking them into clicking a specially crafted URL containing a malicious payload in the `q` parameter. All versions are affected via the CPE wildcard (cpe:2.3:a:drimo:drimo_cms:*), and the product has been declared End of Life - no security patch will be issued. The sole vendor-acknowledged mitigation, confirmed by CERT-PL, is deletion of the `info.php` file; no public exploit code or KEV listing has been identified at time of analysis.

XSS PHP Drimo Cms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
EPSS 0% CVSS 5.1
MEDIUM Monitor

Reflected XSS in DRIMO CMS search functionality allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by tricking them into clicking a specially crafted URL containing a malicious payload in the `q` parameter. All versions are affected via the CPE wildcard (cpe:2.3:a:drimo:drimo_cms:*), and the product has been declared End of Life - no security patch will be issued. The sole vendor-acknowledged mitigation, confirmed by CERT-PL, is deletion of the `info.php` file; no public exploit code or KEV listing has been identified at time of analysis.

XSS PHP Drimo Cms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy