CVE-2025-15146

Name of the Vulnerable Software and Affected Versions SohuTV CacheCloud versions up to 3.2.0

Description A security issue exists in SohuTV CacheCloud. Manipulation of the doUserList function within the file src/main/java/com/sohu/cache/web/controller/UserManageController.java can lead to cross site scripting. This attack can be initiated remotely. The exploit is publicly available. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 3.2.0 should be updated. As a temporary workaround, consider restricting access to the doUserList function until a patch is available.