CVE-2025-15451 | xnx3 wangmarket up to 4.9 System Variables Page variableSave.do Description cross site scripting

Inserito da Angelo Barbosa | Gen 4, 2026 | CVE

A vulnerability marked as problematic has been reported in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing manipulation of the argument Description results in cross site scripting.

This vulnerability was named CVE-2025-15451. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15451 | xnx3 wangmarket up to 4.9 System Variables Page variableSave.do Description cross site scripting

Post correlati

CVE-2024-10662 | Tenda AC15 15.03.05.19 /goform/SetOnlineDevName formSetDeviceName devName stack-based overflow

CVE-2024-3087 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Ambulance Tracking Page ambulance-tracking.php searchdata sql injection

CVE-2024-22368 | Spreadsheet::ParseXLSX prior 0.28 on Perl XLSX Document resource consumption

CVE-2023-50933 | IBM PowerSC 1.3/2.0/2.1 cross site scripting (XFDB-275113)