Cross-Site Scripting Vulnerability in aitangbao springboot-manager by aitangbao
CVE-2025-2206

4.8 MEDIUM

Key Information:

Vendor: Aitangbao
Status: Springboot-manager
CVE Published: 11 March 2025

Badges

👾 Exploit Exists

Summary

A cross-site scripting (XSS) vulnerability has been discovered in aitangbao springboot-manager 3.0. An attacker can trigger it by manipulating the argument name in the /sys/permission file. The flaw lets attackers execute malicious scripts in the context of the affected user's session, facilitating unauthorized access and data manipulation. The vulnerability can be exploited remotely, posing a significant risk to users of the affected product. The vendor has been informed of this security issue, but no response was received regarding a mitigation strategy.

Affected Version(s)

springboot-manager 3.0

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

uglory (VulDB User)