Cross Site Scripting Vulnerability in mirweiye Seven Bears Library CMS
CVE-2025-3688

2.4LOW

Key Information:

Vendor: mirweiye
Status: Seven Bears Library CMS
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-3688?

A cross site scripting vulnerability has been identified in the Background Management Page of mirweiye Seven Bears Library CMS 2023. This vulnerability allows remote attackers to manipulate the affected component, potentially leading to unauthorized access and malicious actions on end-users' browsers. With the exploit already disclosed publicly, it poses a significant risk to users who have not applied the necessary security measures.

References

https://github.com/KKDT12138/CVE/blob/main/cve.pdf

https://vuldb.com/?ctiid.304977

https://vuldb.com/?id.304977

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025

JSON