CVE-2025-25973

Medium CVSS: 6.5

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.

Vendor

Yandaozi

Product

Ppress

CWE

CWE-79

Yayın Tarihi

2025-02-20 18:15:26

Güncelleme

2025-09-23 19:16:04

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Ppress MEDIUM Yandaozi 2025

Referanslar

https://gist.github.com/coleak2021/512acaa12ba0987499d560967acff1d1 https://github.com/yandaozi/PPress/issues/3

Benzer Kayıtlar

High

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9.

High

CVE-2025-54761

An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.

High

CVE-2025-54815

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via craft…