CVE-2025-15416 | xnx3 wangmarket up to 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability was found in xnx3 wangmarket up to 6.4 and classified as problematic. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting.

This vulnerability is identified as CVE-2025-15416. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15416 | xnx3 wangmarket up to 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting

Post correlati

CVE-2024-13369 | GoodLayers Tour Master Plugin up to 5.3.6 on WordPress sql injection

CVE-2024-43352 | Organic Themes GivingPress Lite Plugin up to 1.8.6 on WordPress cross site scripting

CVE-2025-28168 | Outsystems Multiple File Upload up to 3.0.x File Extension unrestricted upload

CVE-2024-6406 | Yordam Information Technology Mobile Library Application up to 4.x information disclosure