Cross-Site Scripting Vulnerability in Bigotry OneBase by Hubei Yuanjian Software Technology Co., LTD
CVE-2025-7569

5.1MEDIUM

Key Information:

Vendor: Bigotry
Status: Onebase
Vendor: CVE Published:; 14 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7569?

A vulnerability exists in Bigotry OneBase prior to version 1.3.6, specifically within the parse_args function found in the /tpl/think_exception.tpl file. This flaw allows attackers to manipulate arguments, leading to cross-site scripting (XSS) exploits that can be executed remotely. This security issue has been publicly disclosed, and despite early notifications to the vendor, no response has been received, raising concerns about potential exploitation.

Affected Version(s)

OneBase 1.3.0

OneBase 1.3.1

OneBase 1.3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7569 - Proof of Concept