AdaptCMS XSS Alert: When Sending Messages Goes Rogue!

Beware of messages with a little extra zing! AdaptCMS v3.0.3’s “Send Message” feature has a stored XSS vulnerability that might make your inbox more exciting than you bargained for. Users can inject scripts via the message field, turning your screen into a light show. Proceed with caution—or popcorn.

Hot Take:

In the world of cybersecurity, it looks like AdaptCMS v3.0.3 is the new “Send Message” app for cybercriminals who want to send a little more than just a “hello.” It appears that sending messages with a side of XSS is the new norm, and AdaptCMS just got its invite to the party. Who knew that one little “XSS” could make such a big splash? Time for AdaptCMS to adapt—or face the wrath of the XSS gremlins!

Key Points:

  • Stored XSS vulnerability discovered in AdaptCMS v3.0.3 “Send Message” feature.
  • Exploit allows users to inject malicious scripts into message fields.
  • Attack tested and confirmed on Debian 12 by Andrey Stoykov.
  • Payload triggers on message viewing, enabling potential widespread impact.
  • Remediation required to prevent exploitation by cyber mischief-makers.
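
The remediation the key points call for comes down to encoding stored message fields when they are rendered. The sketch below is an added example, not AdaptCMS code: the function names, the array layout and the sample inbox are all hypothetical, and it is written in PHP because AdaptCMS is a PHP application.

```php
<?php
declare(strict_types=1);

// Constructed sample inbox: one ordinary message and one whose body carries markup.
$inbox = [
    ['from' => 'alice',   'body' => 'Lunch at 12?'],
    ['from' => 'mallory', 'body' => '<script>alert(1)</script>'],
];

// Vulnerable pattern: stored text is concatenated into the page unchanged,
// so markup in the body is parsed by every browser that opens the message.
function render_message_unsafe(array $msg): string
{
    return '<div class="message"><b>' . $msg['from'] . '</b>: ' . $msg['body'] . '</div>';
}

// Encode a value for an HTML text or quoted-attribute context at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field passes through h() before it reaches the page.
function render_message_safe(array $msg): string
{
    return '<div class="message"><b>' . h($msg['from']) . '</b>: ' . h($msg['body']) . '</div>';
}

foreach ($inbox as $msg) {
    $unsafe = render_message_unsafe($msg);
    $safe   = render_message_safe($msg);

    // Regression-style checks: the safe view never emits a script tag, and
    // decoding the encoded body gives back exactly what the sender stored.
    $inert    = stripos($safe, '<script') === false;
    $lossless = htmlspecialchars_decode(h($msg['body']), ENT_QUOTES) === $msg['body'];

    echo 'unsafe: ', $unsafe, PHP_EOL;
    echo 'safe:   ', $safe, PHP_EOL;
    echo 'inert=', var_export($inert, true), ' lossless=', var_export($lossless, true), PHP_EOL;
}
```

Encoding at output rather than stripping at input keeps the stored message intact, so the same record can be rendered safely in other contexts with the encoder appropriate to each.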

The Nimble Nerd