Cross-Site Scripting Vulnerability in JIZHICMS by Langfang Extreme Network Technology Co., Ltd
CVE-2025-14013

4.8MEDIUM

Key Information:

Vendor

Langfang Extreme Network Technology Co., Ltd

Status
Jizhicms
Vendor
CVE Published:
4 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-14013?

A cross-site scripting vulnerability exists in JIZHICMS versions up to 2.5.5, specifically within the Comment Handler component, located at /index.php/admins/Comment/addcomment.html. This flaw allows malicious users to manipulate the 'body' argument, potentially enabling the remote execution of harmful scripts. The vulnerability has been publicly acknowledged, with exploit code available, highlighting an urgent need for remediation. The vendor has been notified of the issue, yet there has been no response to address the security concern.

Affected Version(s)

JIZHICMS 2.5.0

JIZHICMS 2.5.1

JIZHICMS 2.5.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14013 - Proof of Concept

References

https://vuldb.com/?id.334254
vdb-entrytechnical-description
https://vuldb.com/?ctiid.334254
signaturepermissions-required
https://vuldb.com/?submit.694649
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

nobb (VulDB User)
JSON
.
CVE-2025-14013 : Cross-Site Scripting Vulnerability in JIZHICMS by Langfang Extreme Network Technology Co., Ltd