Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for crud 简约后台管理系统 by yangyouwang 杨有旺

    CVE-2025-2617 (GCVE-0-2025-2617)

    Vulnerability from nvd – Published: 2025-03-22 12:31 – Updated: 2025-03-24 13:52
    VLAI
    Title
    yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting
    Summary
    A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300619 vdb-entry
    https://vuldb.com/?ctiid.300619 signaturepermissions-required
    https://gitee.com/yangyouwang/crud/issues/IBSPOX exploitissue-tracking
    Impacted products
    Credits
    VulDB Gitee Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T13:51:23.642608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T13:52:11.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Department Page"
              ],
              "product": "crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangyouwang \u6768\u6709\u65fa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB Gitee Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Department Page. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-22T12:31:08.682Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300619 | yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Department Page cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.300619"
            },
            {
              "name": "VDB-300619 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300619"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangyouwang/crud/issues/IBSPOX"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T21:18:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Department Page cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2617",
        "datePublished": "2025-03-22T12:31:08.682Z",
        "dateReserved": "2025-03-21T20:13:49.587Z",
        "dateUpdated": "2025-03-24T13:52:11.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2616 (GCVE-0-2025-2616)

    Vulnerability from nvd – Published: 2025-03-22 10:00 – Updated: 2025-04-01 16:24
    VLAI
    Title
    yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting
    Summary
    A vulnerability classified as problematic has been found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300618 vdb-entry
    https://vuldb.com/?ctiid.300618 signaturepermissions-required
    https://vuldb.com/?submit.518962 third-party-advisory
    https://gitee.com/yangyouwang/crud/issues/IBSPOX exploitissue-tracking
    Impacted products
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T16:24:40.334511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T16:24:54.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Role Management Page"
              ],
              "product": "crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangyouwang \u6768\u6709\u65fa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Komponente Role Management Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-22T10:00:12.314Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300618 | yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Role Management Page cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.300618"
            },
            {
              "name": "VDB-300618 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300618"
            },
            {
              "name": "Submit #518962 | \u6768\u6709\u65fa \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf v1.0.0 XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.518962"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangyouwang/crud/issues/IBSPOX"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T21:18:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Role Management Page cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2616",
        "datePublished": "2025-03-22T10:00:12.314Z",
        "dateReserved": "2025-03-21T20:13:47.392Z",
        "dateUpdated": "2025-04-01T16:24:54.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2617 (GCVE-0-2025-2617)

    Vulnerability from cvelistv5 – Published: 2025-03-22 12:31 – Updated: 2025-03-24 13:52
    VLAI
    Title
    yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting
    Summary
    A vulnerability classified as problematic was found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300619 vdb-entry
    https://vuldb.com/?ctiid.300619 signaturepermissions-required
    https://gitee.com/yangyouwang/crud/issues/IBSPOX exploitissue-tracking
    Impacted products
    Credits
    VulDB Gitee Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T13:51:23.642608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T13:52:11.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Department Page"
              ],
              "product": "crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangyouwang \u6768\u6709\u65fa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB Gitee Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0. Affected by this vulnerability is an unknown functionality of the component Department Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Department Page. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-22T12:31:08.682Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300619 | yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Department Page cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.300619"
            },
            {
              "name": "VDB-300619 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300619"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangyouwang/crud/issues/IBSPOX"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T21:18:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Department Page cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2617",
        "datePublished": "2025-03-22T12:31:08.682Z",
        "dateReserved": "2025-03-21T20:13:49.587Z",
        "dateUpdated": "2025-03-24T13:52:11.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2616 (GCVE-0-2025-2616)

    Vulnerability from cvelistv5 – Published: 2025-03-22 10:00 – Updated: 2025-04-01 16:24
    VLAI
    Title
    yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting
    Summary
    A vulnerability classified as problematic has been found in yangyouwang 杨有旺 crud 简约后台管理系统 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.300618 vdb-entry
    https://vuldb.com/?ctiid.300618 signaturepermissions-required
    https://vuldb.com/?submit.518962 third-party-advisory
    https://gitee.com/yangyouwang/crud/issues/IBSPOX exploitissue-tracking
    Impacted products
    Credits
    enenen (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T16:24:40.334511Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-01T16:24:54.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Role Management Page"
              ],
              "product": "crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf",
              "vendor": "yangyouwang \u6768\u6709\u65fa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "enenen (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0. Affected is an unknown function of the component Role Management Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf 1.0.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Komponente Role Management Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-22T10:00:12.314Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-300618 | yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Role Management Page cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.300618"
            },
            {
              "name": "VDB-300618 | CTI Indicators (IOB, IOC, TTP)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.300618"
            },
            {
              "name": "Submit #518962 | \u6768\u6709\u65fa \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf v1.0.0 XSS",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.518962"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://gitee.com/yangyouwang/crud/issues/IBSPOX"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-03-21T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-03-21T21:18:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "yangyouwang \u6768\u6709\u65fa crud \u7b80\u7ea6\u540e\u53f0\u7ba1\u7406\u7cfb\u7edf Role Management Page cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-2616",
        "datePublished": "2025-03-22T10:00:12.314Z",
        "dateReserved": "2025-03-21T20:13:47.392Z",
        "dateUpdated": "2025-04-01T16:24:54.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }