CVE-2025-3531

4/13/2025 6:15:14 AM

26 روز قبل

Reporter :cna@vuldb.com

Modified :4/13/2025 6:15:14 AM

Problem Data :CWE-79

Description

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Cvss Version 2.0

5 AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

Cvss Version 3.1

4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	Low
Availability Impact	None

Cvss Version 4.0

5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction
Vulnerability Complexity	None
Vulnerability Impact	Low

EPSS

Epss Score	0
Epss Percentile	0

Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.

Reference

لینک	منبع	تگ ها
https://github.com/zonesec0/findcve/issues/4
https://vuldb.com/?id.304569
https://github.com/zonesec0/findcve/issues/5
https://vuldb.com/?submit.543080
https://vuldb.com/?ctiid.304569