CVE-2025-14006 | dayrui XunRuiCMS up to 4.7.1 Add Data Validation Page data[name] cross site scripting

A vulnerability marked as problematic has been reported in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument data[name] leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-14006. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14006 | dayrui XunRuiCMS up to 4.7.1 Add Data Validation Page data[name] cross site scripting

Post correlati

CVE-2021-46917 | Linux Kernel up to 5.10.31/5.11/5.11.15 idxd Privilege Escalation (e5eb9757fe4c/f7dc8f561916/ea9aadc06a9f)

CVE-2024-51722 | BlackBerry SecuSUITE up to 5.0.420 Configuration File unnecessary privileges

CVE-2025-36050 | IBM QRadar SIEM up to 7.5.0 Update Package 12 log file

CVE-2024-26581 | Linux Kernel up to 6.1.77/6.6.16/6.7.4/6.8-rc3 Netfilter nft_set_rbtree.c nft_set_rbtree Privilege Escalation