CVE-2025-14801 | xiweicheng TMS up to 2.28.0 create createComment content cross site scripting

Inserito da Angelo Barbosa | Dic 16, 2025 | CVE

A vulnerability classified as problematic was found in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting.

This vulnerability is listed as CVE-2025-14801. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14801 | xiweicheng TMS up to 2.28.0 create createComment content cross site scripting

Post correlati

CVE-2023-27291 | IBM Watson CP4D Data Stores 4.6.0/4.6.1/4.6.2/4.6.3 missing encryption (XFDB-248740)

CVE-2024-12793 | PbootCMS up to 5.2.3 IndexController.php tag path traversal

CVE-2023-52329 | Trend Micro Apex Central cross site scripting

CVE-2024-7063 | ElementsKit Pro Plugin up to 3.6.6 on WordPress information disclosure