Vulnerabilities

CVE-2025-15149 - rawchen ecms Add New Product updateProductServlet.java updateProductServlet cros...

2025-12-28 0 views admin
CVE-2025-15149 - rawchen ecms Add New Product updateProductServlet.java updateProductServlet cros...

CVE ID : CVE-2025-15149 Published : Dec. 28, 2025, 7:15 p.m. | 25 minutes ago Description : A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
Dec. 28, 2025
Affected Product: java

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15149mediumjava

More from Vulnerabilities

CVE-2025-15148 - CmsEasy Backend Template Management template_admin.php savetemp_action code inje...

CVE-2025-15148 - CmsEasy Backend Template Management template_admin.php savetemp_action code inje...

2025-12-28 0
CVE-2025-15146 - SohuTV CacheCloud UserManageController.java doUserList cross site scripting

CVE-2025-15146 - SohuTV CacheCloud UserManageController.java doUserList cross site scripting

2025-12-28 0
CVE-2025-15150 - PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow

CVE-2025-15150 - PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow

2025-12-28 0
CVE-2025-15142 - 9786 phpok3w show.php sql injection

CVE-2025-15142 - 9786 phpok3w show.php sql injection

2025-12-28 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views