Vulnerabilities

CVE-2025-15094 - sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting

2025-12-26 0 views admin

CVE ID : CVE-2025-15094 Published : Dec. 26, 2025, 1:32 a.m. | 53 minutes ago Description : A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15094

Published

Dec. 26, 2025

Affected Product: java

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15094java

CVE-2025-15094 - sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15093 - sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting

CVE-2025-15092 - UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

CVE-2025-68938 - Gitea Authorization Bypass Vulnerability

CVE-2025-15090 - UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting