PT-2025-53787 · Sohu · Sohutv Cachecloud

Zast.Ai

Published

2025-12-29

Updated

2026-01-06

CVE-2025-15202

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SohuTV CacheCloud versions up to 3.2.0

Description A flaw exists in SohuTV CacheCloud that allows for cross site scripting. This issue is related to the taskQueueList function within the file src/main/java/com/sohu/cache/web/controller/TaskController.java. The attack can be initiated remotely. The details of the issue have been publicly disclosed. The developers were notified but have not yet responded.

Recommendations Versions prior to 3.2.0 should be updated. As a temporary workaround, consider restricting access to the taskQueueList function until a patch is available.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-15202

Affected Products

Sohutv Cachecloud

PT-2025-53787 · Sohu · Sohutv Cachecloud

CVE-2025-15202

Weakness Enumeration

Related Identifiers

Affected Products

References · 10