CVE-2025-4542 | Freeebird Hotel 酒店管理系统 API up to 1.2 SessionInterceptor.java cross-domain policy

Inserito da Angelo Barbosa | Mag 10, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains.

This vulnerability is handled as CVE-2025-4542. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-4542 | Freeebird Hotel 酒店管理系统 API up to 1.2 SessionInterceptor.java cross-domain policy

Post correlati

CVE-2024-9864 | metagauss EventPrime Plugin up to 4.0.4.7 on WordPress cross site scripting

CVE-2024-4817 | Campcodes Online Laundry Management System 1.0 HTTP Request Parameter manage_user.php id resource injection

CVE-2024-8430 | spicethemes Spice Starter Sites Plugin up to 1.2.5 on WordPress spice_starter_sites_importer_creater authorization

CVE-2024-24134 | SourceCodester Online Food Menu 1.0 Update Menu Section Menu Name/Description cross site scripting