CVE-2025-15094 | sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414 User Login UserController.java userLogin redirectUrl cross site scripting (Issue 16)

A vulnerability classified as problematic was found in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can lead to cross site scripting.

This vulnerability is tracked as CVE-2025-15094. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15094 | sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414 User Login UserController.java userLogin redirectUrl cross site scripting (Issue 16)

Post correlati

CVE-2024-25969 | Dell PowerScale OneFS up to 9.3.0.0/9.4.0.17/9.5.0.7/9.7.0.1 allocation of resources (dsa-2024-163)

CVE-2024-47156 | Honor MagicOS prior 8.0.0.135 information disclosure

CVE-2025-4456 | Project Worlds Car Rental Project 1.0 /signup.php fname sql injection

CVE-2024-33531 | cdbattags lua-resty-jwt 0.2.3 Enc Header improper authentication