Vulnerabilities

CVE-2025-15093 - sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting

2025-12-26 0 views admin

CVE ID : CVE-2025-15093 Published : Dec. 26, 2025, 1:15 a.m. | 1 hour, 9 minutes ago Description : A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing manipulation of the argument redirectUrl results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15093

Severity

MEDIUM

Published

Dec. 26, 2025

Affected Product: java

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15093mediumjava

CVE-2025-15093 - sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15092 - UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

CVE-2025-68938 - Gitea Authorization Bypass Vulnerability

CVE-2025-15094 - sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting

CVE-2025-15090 - UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting