CVE-2025-3152

Name of the Vulnerable Software and Affected Versions caipeichao ThinkOX version 1.0

Description A problematic vulnerability has been found in the Search component of the software. The issue is related to the manipulation of the keywords argument, which leads to cross-site scripting. This can be initiated remotely. The exploit has been disclosed publicly.

Recommendations For version 1.0, consider restricting access to the /ThinkOX-master/index.php?s=/Weibo/Index/search.html endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the keywords argument in the affected Search component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.