CVE-2025-15452 | xnx3 wangmarket up to 4.9 Backend Variable Search variableList.do variableList Description cross site scripting

A vulnerability described as problematic has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing manipulation of the argument Description can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-15452. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15452 | xnx3 wangmarket up to 4.9 Backend Variable Search variableList.do variableList Description cross site scripting

Post correlati

CVE-2023-40465 | Sierra Wireless ALEOS up to 4.9.8/4.16 heap-based overflow (psa-2023-006)

CVE-2025-1555 | hzmanyun Education and Training System 3.1.1 saveImage file unrestricted upload

CVE-2023-52499 | Linux Kernel up to 5.15.136/6.1.58/6.5/6.5.7 on PowerPC denial of service

CVE-2024-55925 | Xerox Workplace Suite prior 5.6.701.9 API improper authentication