CVE-2025-15201 | SohuTV CacheCloud up to 3.2.0 WebResourceController.java redirectNoPower cross site scripting (Issue 373)

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability marked as problematic has been reported in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting.

This vulnerability is tracked as CVE-2025-15201. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15201 | SohuTV CacheCloud up to 3.2.0 WebResourceController.java redirectNoPower cross site scripting (Issue 373)

Post correlati

CVE-2025-22143 | LabRedesCefetRJ WeGIA up to 3.2.7 listar_permissoes.php msg_e cross site scripting (GHSA-gxh2-8jxp-m59h)

CVE-2024-28675 | DedeCMS 5.7 /dede/diy_edit.php cross-site request forgery

CVE-2024-36388 | MileSight DeviceHub authentication bypass

CVE-2025-12807 | Rockwell Automation FactoryTalk DataMosaix Private Cloud 7.11/8.00/8.01 API Endpoint sql injection