MEDIUM🇵🇱 Wersja polska

CVE-2025-3531

CVSS 5.3v4.0pub. 2025-04-13upd. 2025-06-27

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Youdiancms

    APP
    Youdiancms
    9.5.21
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-57052CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień przez manipulację sessionID w YouDianCMS

CVE-2022-32301CRITICAL9.8ten sam produkt

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib...

CVE-2022-32300HIGH8.8ten sam produkt

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App...

CVE-2022-32299HIGH8.8ten sam produkt

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Act...

CVE-2020-18116HIGH8.8ten sam produkt

A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL ...