PT-2025-10555 · Dayrui · Xunruicms

Sechzredo

Published

2025-03-09

Updated

2025-03-11

CVE-2025-2131

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.6.3

Description A vulnerability was found in the component Friendly Links Handler of dayrui XunRuiCMS. The manipulation of the Website Address argument leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For dayrui XunRuiCMS versions up to 4.6.3, consider disabling the Friendly Links Handler component until a patch is available. Restrict access to the Website Address argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-2131

Affected Products

Xunruicms

PT-2025-10555 · Dayrui · Xunruicms

CVE-2025-2131

Weakness Enumeration

Related Identifiers

Affected Products

References · 14