CVE-2025-15144 | dayrui XunRuiCMS up to 4.7.1 JSONP Callback /dayrui/Fcms/Init.php dr_show_error/dr_exit_msg callback cross site scripting

A vulnerability, which was classified as problematic, has been found in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting.

This vulnerability is handled as CVE-2025-15144. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15144 | dayrui XunRuiCMS up to 4.7.1 JSONP Callback /dayrui/Fcms/Init.php dr_show_error/dr_exit_msg callback cross site scripting

Post correlati

CVE-2024-13193 | SEMCMS up to 4.8 Image Library Management Page SEMCMS_Images.php sql injection

CVE-2024-11455 | wolfgang101 Include Mastodon Feed Plugin up to 1.9.5 on WordPress Shortcode include-mastodon-feed cross site scripting

CVE-2024-13551 | paulrosen ABC Notation Plugin up to 6.1.3 on WordPress Shortcode abcjs cross site scripting

CVE-2024-44872 | moziloCMS 3.0 cross site scripting