CVE-2025-14007 | dayrui XunRuiCMS up to 4.7.1 Domain Name Binding Page admin79f2ec220c7e.php?c=api&m=demo&name=mobile cross site scripting

Inserito da Angelo Barbosa | Dic 4, 2025 | CVE

A vulnerability described as problematic has been identified in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting.

This vulnerability was named CVE-2025-14007. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14007 | dayrui XunRuiCMS up to 4.7.1 Domain Name Binding Page admin79f2ec220c7e.php?c=api&m=demo&name=mobile cross site scripting

Post correlati

CVE-2024-34613 | Samsung Galaxy Watch access control

CVE-2023-6578 | Software AG WebMethods 10.11.x/10.15.x wm.server/connect/ access control

CVE-2025-41649 | Weidmueller IE-SW-VL05M-5TX out-of-bounds write (VDE-2025-044)

CVE-2024-24565 | CrateDB 5.3.9/5.4.8/5.5.4/5.6.1 COPY FROM path traversal (GHSA-475g-vj6c-xf96)