CVE-2025-8528

Medium CVSS: 6.3

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Vendor

Exrick

Product

Xboot

CWE

CWE-312

Yayın Tarihi

2025-08-04 22:15:29

Güncelleme

2025-08-28 11:52:22

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-312 Xboot MEDIUM Exrick 2025

Referanslar

https://github.com/Exrick/xboot/issues/69 https://github.com/Exrick/xboot/issues/69#issue-3252177305 https://vuldb.com/?ctiid.318654 https://vuldb.com/?id.318654 https://vuldb.com/?submit.622175

Benzer Kayıtlar

High

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users'…

Medium

CVE-2025-65540

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data.…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…

Critical

CVE-2025-45612

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.