Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-25070— WolfCMS User Add cross site scripting

CVSS 3.5 · Low EPSS 0.35% · P58
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-25070

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WolfCMS User Add cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WolfCMS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WolfCMS是通过提供优雅的用户界面、灵活的每页模板、简单的用户管理和权限以及文件管理所需的工具来简化内容管理。 WolfCMS 0.8.3.1 及其之前版本存在跨站脚本漏洞,该漏洞源于组件 User Add 的文件 /wolfcms/?/admin/user/add缺少参数的过滤转义。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-WolfCMS 0.8.3.0 -

II. Public POCs for CVE-2019-25070

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-25070

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-06-09 · 24 CVEs total

CVE-2019-250676.3 MEDIUMPodman/Varlink API Privilege Escalation
CVE-2021-40668HTTP File Server 路径遍历漏洞
CVE-2022-32272OPSWAT MetaDefender Core 安全漏洞
CVE-2022-31214Firejail 权限许可和访问控制问题漏洞
CVE-2021-40961CMS Made Simple SQL注入漏洞
CVE-2022-32195EDX Open edX 跨站脚本漏洞
CVE-2022-25807IGEL Universal Management Suite 信任管理问题漏洞
CVE-2022-25806IGEL Universal Management Suite 信任管理问题漏洞
CVE-2022-25805IGEL Universal Management Suite 安全漏洞
CVE-2022-25804IGEL Universal Management Suite 安全漏洞
CVE-2022-31649ownCloud 安全漏洞
CVE-2022-30075TP-LINK AX50 代码注入漏洞
CVE-2021-40610Emlog 跨站脚本漏洞
CVE-2022-30898CSCMS Music Portal System 跨站请求伪造漏洞
CVE-2022-31386nbnbk 代码问题漏洞
CVE-2022-31390JIZHICMS 代码问题漏洞
CVE-2022-31393JIZHICMS 代码问题漏洞
CVE-2022-31830Kity Minder 代码问题漏洞
CVE-2022-31827Monsta FTP 代码问题漏洞
CVE-2022-2035Rusici Software SCORM Engine 跨站脚本漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-80

V. Comments for CVE-2019-25070

No comments yet

Leave a comment