{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2131", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-09T07:05:39.885Z", "datePublished": "2025-03-09T22:31:04.299Z", "dateUpdated": "2025-03-10T17:42:47.572Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-09T22:31:04.299Z"}, "title": "dayrui XunRuiCMS Friendly Links cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "dayrui", "product": "XunRuiCMS", "versions": [{"version": "4.6.0", "status": "affected"}, {"version": "4.6.1", "status": "affected"}, {"version": "4.6.2", "status": "affected"}, {"version": "4.6.3", "status": "affected"}], "modules": ["Friendly Links Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in dayrui XunRuiCMS bis 4.6.3 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Friendly Links Handler. Mittels dem Manipulieren des Arguments Website Address mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-03-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-09T08:10:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "SecHZredo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.299051", "name": "VDB-299051 | dayrui XunRuiCMS Friendly Links cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.299051", "name": "VDB-299051 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.511411", "name": "Submit #511411 | dayrui xunruicms  4.6.3  Stored Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dayrui/xunruicms/issues/7", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T17:41:18.598657Z", "id": "CVE-2025-2131", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:42:47.572Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2131", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T17:41:18.598657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:41:50.622Z"}}], "cna": {"title": "dayrui XunRuiCMS Friendly Links cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "SecHZredo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "affected": [{"vendor": "dayrui", "modules": ["Friendly Links Handler"], "product": "XunRuiCMS", "versions": [{"status": "affected", "version": "4.6.0"}, {"status": "affected", "version": "4.6.1"}, {"status": "affected", "version": "4.6.2"}, {"status": "affected", "version": "4.6.3"}]}], "timeline": [{"lang": "en", "time": "2025-03-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-09T08:10:54.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.299051", "name": "VDB-299051 | dayrui XunRuiCMS Friendly Links cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.299051", "name": "VDB-299051 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.511411", "name": "Submit #511411 | dayrui xunruicms  4.6.3  Stored Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/dayrui/xunruicms/issues/7", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine Schwachstelle wurde in dayrui XunRuiCMS bis 4.6.3 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Friendly Links Handler. Mittels dem Manipulieren des Arguments Website Address mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-09T22:31:04.299Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2131", "state": "PUBLISHED", "dateUpdated": "2025-03-10T17:42:47.572Z", "dateReserved": "2025-03-09T07:05:39.885Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-09T22:31:04.299Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9953572-AFFE-4CFE-89CC-9EBE07958917", "versionEndIncluding": "4.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en dayrui XunRuiCMS hasta la versi\u00f3n 4.6.3. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del componente Friendly Links Handler. La manipulaci\u00f3n del argumento Website Address provoca cross site scripting. El ataque puede iniciarse de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-2131", "lastModified": "2025-03-11T20:34:05.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-09T23:15:34.397", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/dayrui/xunruicms/issues/7"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.299051"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?id.299051"}, {"source": "cna@vuldb.com", "tags": ["VDB Entry"], "url": "https://vuldb.com/?submit.511411"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}