CVE-2025-15093

Name of the Vulnerable Software and Affected Versions sunkaifei FlyCMS versions prior to abbaa5a8daefb146ad4d61027035026b052cb414

Description A security issue exists in sunkaifei FlyCMS related to the Admin Login component. Manipulation of the redirectUrl argument in an unknown function within the file src/main/java/com/flycms/web/system/IndexAdminController.java can lead to cross site scripting. This attack can be initiated remotely. The exploit for this issue is publicly available. The product uses continuous delivery with rolling releases, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.