CVE-2025-13181

Sažetak

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Reference

https://github.com/caigo8/CVE-md/blob/main/h3blog/xss4.md
https://github.com/caigo8/CVE-md/blob/main/h3blog/xss4.md#vulnerability-reproduction
https://vuldb.com/?ctiid.332471
https://vuldb.com/?id.332471
https://vuldb.com/?submit.684887

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

14-11-2025 - 20:15

Objavljeno

14-11-2025 - 20:15