CVE-2025-15094
Published
CVSS v3
4.3
MEDIUM
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
FlyCms 是一个类似知乎以问答为基础的完全开源的JAVA语言开发的社交网络建站程序,基于 Spring Boot+Bootstrap3+MyBatis+MySql+Solr +Ehcache应用架构,专注于社区内容的整理、归类和检索,它集合了问答,digg,wiki 等多个程序的优点,帮助用户轻松搭建专业的知识库和在线问答社区。业务模块包括:权限管理,会员管理,角色管理,定时任务管理(调度管理),问答管理,文章管理,分享管理,短信接口管理和邮件系统发送(注册、找回密码、邮件订阅),跨域登录,消息推送,全文检索、前端国际化等等众多模块,等您自己来体验!
GitHub