Skip to main content

Phox Hosting

1 CVEs product

Monthly

CVE-2026-25013 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WHMCSdes Phox Hosting plugin (versions up to and including 2.0.8) that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to execute arbitrary JavaScript in the context of a victim's browser session. While no CVSS score, EPSS probability, or active KEV status was provided in available intelligence, the reflected XSS classification indicates moderate-to-high real-world risk depending on deployment context and user interaction requirements.

XSS Phox Hosting
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WHMCSdes Phox Hosting plugin (versions up to and including 2.0.8) that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to execute arbitrary JavaScript in the context of a victim's browser session. While no CVSS score, EPSS probability, or active KEV status was provided in available intelligence, the reflected XSS classification indicates moderate-to-high real-world risk depending on deployment context and user interaction requirements.

XSS Phox Hosting
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy