Cross-Site Scripting Vulnerability in Aitangbao Springboot Manager 3.0
CVE-2025-2211
4.8MEDIUM
Summary
Aitangbao Springboot Manager 3.0 contains a vulnerability that enables attackers to perform cross-site scripting (XSS) by manipulating the 'name' argument in the /sysDictDetail/add function. This flaw can be exploited remotely, allowing attackers to execute malicious scripts in the context of unsuspecting users. Although the vendor was informed of the issue, there has been no response to the disclosure. It is essential for users of this product to assess their risk and implement appropriate security measures.
Affected Version(s)
springboot-manager 3.0
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
uglory (VulDB User)