CVE-2025-15149 | rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded Add New Product Page updateProductServlet.java updateProductServlet productName cross site scripting

A vulnerability was found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. It has been classified as problematic. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting.

This vulnerability is referenced as CVE-2025-15149. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15149 | rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded Add New Product Page updateProductServlet.java updateProductServlet productName cross site scripting

Post correlati

CVE-2024-55505 | CodeAstro Complaint Management System 1.0 mess-view.php Privilege Escalation

CVE-2024-10753 | PHPGurukul Online Shopping Portal 2.0 dom_data_two_headers.php scripts cross site scripting

CVE-2024-6251 | playSMS 1.4.3 New Phonebook index.php name/email cross site scripting

CVE-2024-49702 | myCred Elementor Plugin up to 1.2.6 on WordPress cross site scripting