CVE-2025-15145

Sažetak

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/sohutv/cachecloud/issues/365
https://github.com/sohutv/cachecloud/issues/365#issue-3733522215
https://vuldb.com/?ctiid.338523
https://vuldb.com/?id.338523
https://vuldb.com/?submit.716301

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Zadnje važnije ažuriranje

28-12-2025 - 17:16

Objavljeno

28-12-2025 - 17:16