CVE-2025-14013 | JIZHICMS up to 2.5.5 Comment addcomment.html body cross site scripting

A vulnerability has been found in JIZHICMS up to 2.5.5 and classified as problematic. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting.

This vulnerability is listed as CVE-2025-14013. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14013 | JIZHICMS up to 2.5.5 Comment addcomment.html body cross site scripting

Post correlati

CVE-2024-40416 | Tenda AX1806 1.0.0.1 SetVirtualServerCfg sub_6320C stack-based overflow

CVE-2024-39884 | Apache HTTP Server AddType source code

CVE-2025-6798 | Marvell QConvergeConsole deleteAppFile path traversal

CVE-2024-1934 | WP Compress Plugin up to 6.11.10 on WordPress CDN authorization