CVE-2025-10386 | Yida ECMS Consulting Enterprise Management System 1.0 POST Request /login.do requestUrl cross site scripting

Inserito da Angelo Barbosa | Set 13, 2025 | CVE

A vulnerability classified as problematic was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting.

This vulnerability is known as CVE-2025-10386. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10386 | Yida ECMS Consulting Enterprise Management System 1.0 POST Request /login.do requestUrl cross site scripting

Post correlati

CVE-2024-56447 | Huawei HarmonyOS/EMUI Window Management Module privileges management

CVE-2025-0559 | Campcodes School Management Software 1.0 Create Id Card Page /create-id-card ID Card Title cross site scripting

CVE-2023-4855 | Lenovo SMM/SMM2/FPC IPMI os command injection

CVE-2024-53258 | Autolab download_all_submissions exposure of private personal information to an unauthorized actor (1aa4c769)