PT-2025-29418 · Unknown · Bigotry Onebase

Jiashenghe · Published 2025-07-14 · Updated 2025-07-14 · CVE-2025-7569

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Bigotry OneBase versions through 1.3.6
Description: A flaw exists in Bigotry OneBase that allows for cross-site scripting. The issue is located in the parse_args function within the /tpl/think_exception.tpl file. Manipulation of the args argument can trigger the flaw. The attack can be initiated remotely. The details of the exploit have been publicly disclosed.
Recommendations: Versions prior to 1.3.6 are affected. As a temporary workaround, consider restricting access to the /tpl/think_exception.tpl file until a patch is available. Avoid using the args argument in the parse_args function until the issue is resolved.

Exploit · Fix · Code Injection · XSS

Related Identifiers: CVE-2025-7569
Affected Products: Bigotry Onebase