CVE-2025-15416

Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 6.4

Description A cross-site scripting issue exists in xnx3 wangmarket. The issue is located in the Add Global Variable Handler component, specifically within the file /siteVar/save.do. Manipulation of the Remark/Variable Value argument can lead to the execution of cross-site scripting attacks remotely. The exploit has been publicly disclosed.

Recommendations Versions prior to 6.4 should be updated. As a temporary workaround, consider restricting access to the /siteVar/save.do file to minimize the risk of exploitation.