CNNVD-202512-4868 Information

Dec 28, 2025 cve

CNNVD ID

CNNVD-202512-4868

CVE-2025-15149

CNNVD Published: 2025-12-28

Description (Chinese)

HOMEECMS是tgywatalive个人开发者的一个电子商城建站系统。 HOMEECMS b59d7feaa9094234e8aa6c8c6b290621ca575ded及之前版本存在代码注入漏洞，该漏洞源于文件src/servlet/product/updateProductServlet.java中参数productName的错误操作，可能导致跨站脚本。

Description (English)

HOMEECMS is an electronic commercial city construction system of tywatalive personal developers. HOMEECMS b59d7fea49434ea8a6a6c8c8c6c6b290621ca575ded and previous versions have a code-injecting loophole, which stems from the error of the parameter produtName in document src/servlet/product/updateProdutServlet.java, which may result in a cross-site script.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-12-28

Last Modified

2026-02-24

References

https://vuldb.com/?id.338526 https://vuldb.com/?submit.716583 https://vuldb.com/?ctiid.338526 https://github.com/zyhzheng500-maker/cve/blob/main/%E5%AD%98%E5%82%A8%E5%9E%8BXss.md https://access.redhat.com/security/cve/cve-2025-15149

Share on: