Givanz Vvweb Add Type Handler XSS Vulnerability (CVE-2025-8521)

Key Information Vulnerability ID: CVE-2025-8521 Affected Product: Givanz Vvweb up to 1.0.5 Vulnerability Type: Cross Site Scripting (XSS) Affected Component: Add Type Handler Affected File: /vadmin123/index.php?module=settings/post-types CVE Classification: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) Attack Vector: Remote attack possible, requires user interaction Exploit Difficulty: Easy Remediation Recommendation: Upgrade to version 1.0.6 or apply the provided patch Patch Source: GitHub.com Patch Hash: b53c7161da606f512b7efcb392d6ffc708688d49/605a70f8729e4d44ebe272671cb1e43e3d6ae014 Related Links: - hkohi.ca (Vulnerability details and PoC) - GitHub (Patch download) Vulnerability Description This vulnerability exists in the Add Type Handler component of Givanz Vvweb versions up to 1.0.5, specifically within an unknown function in the file /vadmin123/index.php?module=settings/post-types. Due to improper handling of user-controlled input, a Cross-Site Scripting (XSS) vulnerability is introduced. Attackers can exploit this vulnerability remotely, and public exploit code is known to exist. Users are advised to upgrade to version 1.0.6 or apply the provided patch to mitigate this issue.

Goal Reached Thanks to every supporter — we hit 100%!

Givanz Vvweb Add Type Handler XSS Vulnerability (CVE-2025-8521)