CNNVD-202512-491 Information

CNNVD ID

CNNVD-202512-491

Related CVE

CVE-2025-14013

• CNNVD Published: 2025-12-04

Description (Chinese)

JIZHICMS（极致CMS）是中国极致（JIZHI）公司的一套开源的内容管理系统（CMS）。 JIZHICMS 2.5.5及之前版本存在代码注入漏洞，该漏洞源于对文件/index.php/admins/Comment/addcomment.html中参数body的错误操作，可能导致跨站脚本。

Description (English)

JIZHICMS (extremely CMS) is an open-source content management system (CMS) of the Chinese company JIZHI. JIZHICMS 2.5.5 and previous versions contain a code-injecting loophole, which results from an error in the use of the parameter body in document/index.php/admins/Comment/addcomment.html, which may result in a cross-site script.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

极致

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/24-2021/vul2/blob/main/jizhicms%3DV2.5.5-Commentaddcomment.html-bodyparameter-Storage%20XSS/jizhicms%3DV2.5.5-Commentaddcomment.html-bodyparameter-Storage%20XSS.md https://vuldb.com/?ctiid.334254 https://vuldb.com/?id.334254 https://vuldb.com/?submit.694649