PT-2025-53698 · Unknown · Sohutv Cachecloud
Zast.Ai
·
Published
2025-12-29
·
Updated
2026-01-07
·
CVE-2025-15175
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SohuTV CacheCloud versions prior to 3.2.1
Description
A cross site scripting issue exists in SohuTV CacheCloud. The
doAppList/appCommandAnalysis function within the AppController.java file is affected by this issue. Manipulation of input can lead to the execution of malicious scripts. The exploit is publicly available and may be used to initiate attacks remotely. The project was notified of the issue but has not yet responded.Recommendations
Versions prior to 3.2.1 should be updated. As a temporary workaround, consider restricting access to the
doAppList/appCommandAnalysis function until a patch is available.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sohutv Cachecloud