CVE-2025-52206 Reflected Cross Site Scripting (XSS)

[Suggested description]
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.

------------------------------------------

[Additional Information]
https://{IP}/monitor/show_sys_state.php?state=server&server=

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
ISPConfig

------------------------------------------

[Affected Product Code Base]
ISPConfig - 3.3.0

------------------------------------------

[Affected Component]
ISPConfig system status webpage

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Escalation of Privileges]
true

------------------------------------------

[CVE Impact Other]
Run Arbitrary Javascript code

------------------------------------------

[Attack Vectors]
Crafted Url

------------------------------------------

[Discoverer]
Marco Nappi

------------------------------------------

[Reference]
http://ispconfig.com
https://www.ispconfig.org/blog/ispconfig-3-3-0p2-released-security-update/

------------------------------------------
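
Added example, not part of the original advisory and not ISPConfig code: a log review check that flags requests to the endpoint listed under [Additional Information] whose query values decode to HTML markup characters. The log lines are constructed, and the combined access log format and the rule that legitimate `state`/`server` values never contain `<`, `>`, quotes or backticks are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/monitor/show_sys_state.php"  # path taken from the advisory
MARKUP = re.compile(r"[<>\"'`]")          # assumption: never in a legitimate value
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format assumed, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2025:10:00:01 +0000] "GET /monitor/show_sys_state.php?state=server&server=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2025:10:02:13 +0000] "GET /monitor/show_sys_state.php?state=server&server=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5140',
    '203.0.113.9 - - [01/Jul/2025:10:02:40 +0000] "GET /monitor/show_sys_state.php?state=server&server=%253Ci%253E HTTP/1.1" 200 5133',
    '203.0.113.7 - - [01/Jul/2025:10:03:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for markup in the endpoint's query string."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(ENDPOINT):
        return []
    hits = []
    # parse_qsl decodes once; decode_fully catches double-encoded values.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line that carries a suspicious value."""
    results = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in results if hits]

if __name__ == "__main__":
    for line_number, hits in scan(SAMPLE_LOG):
        print(f"line {line_number}: {hits}")
```

A hit only shows that markup was sent to the endpoint; whether it was reflected depends on the installed version, so pair the review with the upgrade referenced under [Reference].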