CVE-2025-14519 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c advtext add cross site scripting

A vulnerability labeled as problematic has been found in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting.

This vulnerability is identified as CVE-2025-14519. The attack can be executed remotely. Additionally, an exploit exists.

This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14519 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c advtext add cross site scripting

Post correlati

CVE-2025-27278 | AcuGIS Leaflet Maps Plugin up to 5.1.1.0 on WordPress cross site scripting

CVE-2023-46495 | EverShop NPM up to 1.0.0-rc.7 Request sortBy cross site scripting

CVE-2023-38827 | Follet School Solutions Destiny 20_0_1_AU4 presentonesearchresultsform.do cross site scripting

CVE-2024-56827 | OpenJPEG up to 2.4.0 lib/openjp2/j2k.c opj_j2k_add_tlmarker heap-based overflow