CNNVD-202512-4816 Information

CNNVD ID

CNNVD-202512-4816

Related CVE

CVE-2025-15094

• CNNVD Published: 2025-12-26

Description (Chinese)

sunkaifei FlyCms是sunkaifei开源的一个应用程序。一个类似知乎以问答为基础的完全开源的JAVA语言开发的社交网络建站程序。 sunkaifei FlyCms存在代码注入漏洞，该漏洞源于文件src/main/java/com/flycms/web/front/UserController.java中userLogin函数对参数redirectUrl的错误操作，可能导致跨站脚本攻击。

Description (English)

Sunkaifei FlyCms is an application from the Sunkaifei Open Source. A social networking site similar to a fully open-source JAVA language developed on a question-and-answer basis. Sunkaifei FlyCms has a code-inventing loophole, which stems from the error of the userLogin function in file src/main/java/com/flycms/web/front/UserController.java to the parameter redirectUrl, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

sunkaifei

Published

2025-12-26

Last Modified

2026-02-24

References

https://github.com/sunkaifei/FlyCms/ https://vuldb.com/?ctiid.338423 https://vuldb.com/?submit.708997 https://vuldb.com/?id.338423 https://github.com/sunkaifei/FlyCms/issues/16 https://access.redhat.com/security/cve/cve-2025-15094