CVE-2025-5513 | quequnlong shiyi-blog up to 1.2.1 /dev-api/api/comment/add content cross site scripting

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting.

This vulnerability is known as CVE-2025-5513. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5513 | quequnlong shiyi-blog up to 1.2.1 /dev-api/api/comment/add content cross site scripting

Post correlati

CVE-2024-22250 | VMware Enhanced Authentication Plug-in session fixiation (VMSA-2024-0003)

CVE-2024-56195 | ATS up to 9.2.8/10.0.3 Plugin access control

CVE-2024-26331 | ReCrystallize Server 5.10.0.0 Cookie improper authentication

CVE-2023-52286 | Tencent tdsqlpcloud up to 1.8.5 get_db_info information disclosure