CVE-2025-14005 | dayrui XunRuiCMS up to 4.7.1 Add Display Name Field data[name] cross site scripting

A vulnerability labeled as problematic has been found in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing manipulation of the argument data[name] can lead to cross site scripting.

This vulnerability is handled as CVE-2025-14005. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14005 | dayrui XunRuiCMS up to 4.7.1 Add Display Name Field data[name] cross site scripting

Post correlati

CVE-2017-20210 | QNAP Photo Station up to 5.2.6/5.4.0 XMR Mining privilege escalation

CVE-2024-30533 | Techeshta Layouts for Elementor Plugin up to 1.7 on WordPress unrestricted upload

CVE-2024-4045 | OptinMonster Popup Builder Plugin up to 2.16.1 on WordPress cross site scripting

CVE-2024-9973 | SourceCodester Online Eyewear Shop 1.0 Report Viewing Page /admin/?page=reports date sql injection