CVE-2025-3965

Опубликовано: 27 апр. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 5.4

CVSS2: 4

EPSS Низкий

Описание

A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/uglory-gll/javasec/blob/main/paicoding.md
Exploit
https://github.com/uglory-gll/javasec/blob/main/paicoding.md#1stored-cross-site-scripting
Exploit
https://vuldb.com/?ctiid.306301
Permissions Required
VDB Entry
https://vuldb.com/?id.306301
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.557249
Third Party Advisory
VDB Entry
https://github.com/uglory-gll/javasec/blob/main/paicoding.md
Exploit
https://github.com/uglory-gll/javasec/blob/main/paicoding.md#1stored-cross-site-scripting
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:itwanger:paicoding:1.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00037

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2cj8-639j-6rq5

CVSS3: 3.5

github

4 месяца назад

EPSS

Процентиль: 10%

0.00037

Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79