PT-2025-53432 · Flycms · Flycms

Zast.Ai · Published 2025-12-26 · Updated 2025-12-26 · CVE-2025-15094

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FlyCMS (affected versions not specified)

Description

A flaw exists in the User Login functionality of FlyCMS. Specifically, manipulation of the redirectUrl argument within the userLogin function in the file src/main/java/com/flycms/web/front/UserController.java can lead to cross-site scripting. This issue is remotely exploitable, and details about its exploitation are publicly available. The project maintainers were notified but have not yet responded.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-15094

Affected Products

Flycms