Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-25495 — Cross-site Scripting in Openserver

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Xinuos Openserver

Timeline

PublishedDec 18

Latest updateMay 24

Description

A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDxinuos/openserver5.0.7, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-84vg-rpfp-p469: A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary we↗2022-05-24

▶

💥Exploits & PoCs

Exploit-DB

SCO Openserver 5.0.7 - 'section' Reflected XSS↗2020-12-21

▶

Nuclei

Xinuo Openserver 5/6 - Cross-Site scripting

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter October 2025↗

▶