PT-2025-54174 · Sunhailin12315 · Product-Review 商品评价系统
Java · alpha · Published 2025-12-30 · Updated 2025-12-30 · CVE-2025-15248
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
sunhailin12315 product-review 商品评价系统 versions up to 91ead6890b4065bb45b7602d0d73348e75cb4639
Description
A security flaw exists in the sunhailin12315 product-review 商品评价系统. The issue is related to cross-site scripting, which can be triggered by manipulating the `content` argument within the Write a Review component. This allows for remote execution of malicious scripts. The exploit has been publicly released. The project maintainers were notified of the issue but have not yet responded.
Recommendations
Versions up to 91ead6890b4065bb45b7602d0d73348e75cb4639 should be updated when a fix becomes available. As a temporary workaround, consider sanitizing the `content` input to prevent script injection.
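The workaround above, sketched as an added example (not code from the product-review project or from this advisory): HTML-encode the review `content` value before it is written into a page, so that markup in a stored review is displayed as text. The class and method names are hypothetical, and the sketch assumes the value lands in an HTML element body or a quoted attribute.

```java
public final class ReviewContentEncoder {

    /**
     * Encode untrusted review text for an HTML element body or a quoted
     * attribute value. Hypothetical helper, not part of the project.
     */
    static String encodeForHtml(String content) {
        if (content == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(content.length() + 16);
        // Iterate by code point so non-BMP characters are not split.
        content.codePoints().forEach(cp -> {
            switch (cp) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:
                    // Drop control characters other than tab, LF and CR.
                    if (cp >= 0x20 || cp == '\n' || cp == '\r' || cp == '\t') {
                        out.appendCodePoint(cp);
                    }
            }
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the published exploit.
        String[] samples = {
            "Great product, 5/5 & would buy again",
            "<script>alert(1)</script>",
            "\" onmouseover=\"alert(1)",
            "商品很好 <b>推荐</b>"
        };
        for (String s : samples) {
            // Each line is what would be written into the review page.
            System.out.println(encodeForHtml(s));
        }
    }
}
```

Encoding at render time also covers reviews that were stored before the workaround was deployed. Values placed into JavaScript or URL contexts need encoding specific to those contexts instead.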
XSS
Code Injection
Affected Products
Product-Review 商品评价系统