CNNVD-202512-4873 Information

CNNVD ID

CNNVD-202512-4873

Related CVE

CVE-2025-15144

• CNNVD Published: 2025-12-28

Description (Chinese)

xunruicms是XunRuiCMS个人开发者的一个建站框架。 XunRuiCMS 4.7.1及之前版本存在跨站脚本漏洞，该漏洞源于文件/dayrui/Fcms/Init.php中参数callback的错误操作，可能导致跨站脚本。

Description (English)

xunruicms is a framework for the construction of XunruiCMS by individual developers. XunRuiCMS 4.7.1 and previous versions contain a cross-site script loophole, which stems from the wrong operation of the parameter Callback in the document/dayrui/Fcms/Init.php, which may result in a cross-site script.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-12-28

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/gbCf35DJ3los https://vuldb.com/?ctiid.338522 https://vuldb.com/?submit.716122 https://vuldb.com/?id.338522 https://access.redhat.com/security/cve/cve-2025-15144