CVE-2025-5513 | quequnlong shiyi-blog up to 1.2.1 /dev-api/api/comment/add content cross site scripting

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting.

This vulnerability is known as CVE-2025-5513. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5513 | quequnlong shiyi-blog up to 1.2.1 /dev-api/api/comment/add content cross site scripting

Post correlati

CVE-2023-6638 | GTG Product Feed for Shopping Plugin up to 1.2.4 on WordPress Setting authorization

CVE-2025-23091 | Ubiquiti UDM up to 4.1 Application Update channel accessible

CVE-2024-7777 | bitpressadmin Contact Form Plugin up to 2.13.9 on WordPress wp-config.php path traversal

CVE-2022-32756 | IBM Security Verify Directory 10.0.0 information exposure (XFDB-228507)