Cross-Site Scripting Vulnerability in aitangbao springboot-manager by aitangbao
CVE-2025-2209

4.8MEDIUM

Key Information:

Vendor: Aitangbao
Status: Springboot-manager
Vendor: CVE Published:; 11 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2209?

A cross-site scripting vulnerability exists in the aitangbao springboot-manager 3.0 application. This vulnerability is due to improper validation of request parameters, specifically within the function located at /sysDict/add. An attacker can exploit this weakness by manipulating the 'name' argument, potentially executing malicious scripts in the context of the user's browser. This issue poses a risk of remote attacks, allowing the attacker to inject harmful code which could compromise user data or session integrity. Despite attempts to inform the vendor of this vulnerability, no response was received, making this issue particularly urgent for users of the affected software.

Affected Version(s)

springboot-manager 3.0

References

https://vuldb.com/?id.299280

vdb-entrytechnical-description

https://vuldb.com/?ctiid.299280

signaturepermissions-required

https://vuldb.com/?submit.511739

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 11, 2025
👾
Exploit known to exist
Mar 11, 2025
Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Mar 11, 2025

Credit

uglory (VulDB User)

Aitangbao

Badges

What is CVE-2025-2209?

Affected Version(s)

References

CVSS V4

Timeline

Credit