PatchSiren

ISPConfig CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ISPConfig CVE published 2026-05-05

CVE-2025-52206

CVE-2025-52206 is a Cross Site Scripting (XSS) vulnerability in ISPConfig 3.3.0 via the system status webpage. The vulnerability has a CVSS score of 4.7 and a severity of MEDIUM. This vulnerability allows an attacker to inject malicious JavaScript code, potentially leading to unauthorized actions or data exposure. Users of ISPConfig 3.3.0 should be aware of this vulnerability and take steps to mitigate it [truncated]