Search criteria
48 vulnerabilities found for pybbs by pybbs_project
FKIE_CVE-2025-12297
Vulnerability from fkie_nvd - Published: 2025-10-27 17:15 - Updated: 2025-11-05 20:38
Severity ?
Summary
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?ctiid.329965 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.329965 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.675906 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used."
}
],
"id": "CVE-2025-12297",
"lastModified": "2025-11-05T20:38:11.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-10-27T17:15:37.300",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.329965"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.329965"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.675906"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8814
Vulnerability from fkie_nvd - Published: 2025-08-10 15:15 - Updated: 2025-09-02 18:40
Severity ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0, clasificada como problem\u00e1tica. Este problema afecta a la funci\u00f3n setCookie del archivo src/main/java/co/yiiu/pybbs/util/CookieUtil.java. La manipulaci\u00f3n provoca cross-site request forgery. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8814",
"lastModified": "2025-09-02T18:40:49.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T15:15:26.613",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/8aa2bb1aef3346e49aec6358edf5e47ce905ae7b"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319343"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319343"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622334"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622353"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8813
Vulnerability from fkie_nvd - Published: 2025-08-10 15:15 - Updated: 2025-09-02 18:41
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/210 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/210#issue-3256474679 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319342 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319342 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622333 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/210 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/210#issue-3256474679 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n changeLanguage del archivo src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. La manipulaci\u00f3n del argumento referer provoca una redirecci\u00f3n abierta. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se identifica como edb14ff13e9e05394960ba46c3d31d844ff2deac. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8813",
"lastModified": "2025-09-02T18:41:06.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T15:15:25.943",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319342"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319342"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622333"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8812
Vulnerability from fkie_nvd - Published: 2025-08-10 14:15 - Updated: 2025-09-02 18:41
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/209 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319341 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319341 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622331 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/209 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en atjiu pybbs hasta la versi\u00f3n 6.0.0. Esta afecta a una parte desconocida del archivo /api/settings del componente Panel de administraci\u00f3n. La manipulaci\u00f3n provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El identificador del parche es 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8812",
"lastModified": "2025-09-02T18:41:16.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T14:15:33.297",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319341"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319341"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622331"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8555
Vulnerability from fkie_nvd - Published: 2025-08-05 10:15 - Updated: 2025-09-02 19:24
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/208 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/208#issue-3256435530 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318684 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318684 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622199 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en atjiu pybbs hasta la versi\u00f3n 6.0.0. La vulnerabilidad afecta a una funci\u00f3n desconocida del archivo /search. La manipulaci\u00f3n de la palabra clave del argumento provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda instalar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8555",
"lastModified": "2025-09-02T19:24:39.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T10:15:35.223",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issue-3256435530"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318684"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318684"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622199"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8553
Vulnerability from fkie_nvd - Published: 2025-08-05 09:15 - Updated: 2025-09-04 15:38
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/206 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/206#issue-3256420783 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/206#issuecomment-3134773560 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318682 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318682 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622197 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en atjiu pybbs hasta la versi\u00f3n 6.0.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/sensitive_word/list. La manipulaci\u00f3n del argumento \"word\" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se identifica como 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda instalar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8553",
"lastModified": "2025-09-04T15:38:04.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T09:15:32.110",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issue-3256420783"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issuecomment-3134773560"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318682"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318682"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622197"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8554
Vulnerability from fkie_nvd - Published: 2025-08-05 09:15 - Updated: 2025-09-02 19:24
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/207 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/207#issue-3256426074 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/207#issuecomment-3134773217 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318683 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318683 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622198 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en atjiu pybbs hasta la versi\u00f3n 6.0.0. Este problema afecta a un procesamiento desconocido del archivo /admin/user/list. La manipulaci\u00f3n del argumento \"Username\" provoca cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se denomina 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8554",
"lastModified": "2025-09-02T19:24:47.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T09:15:32.370",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issue-3256426074"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issuecomment-3134773217"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318683"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318683"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622198"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8552
Vulnerability from fkie_nvd - Published: 2025-08-05 08:15 - Updated: 2025-09-04 15:37
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/205 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/205#issue-3256416772 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/205#issuecomment-3134773883 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318681 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318681 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622196 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en atjiu pybbs hasta la versi\u00f3n 6.0.0. Esta afecta a una parte desconocida del archivo /admin/tag/list. La manipulaci\u00f3n del argumento \"Name\" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El identificador del parche es 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8552",
"lastModified": "2025-09-04T15:37:50.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T08:15:27.543",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issue-3256416772"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issuecomment-3134773883"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318681"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318681"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622196"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8551
Vulnerability from fkie_nvd - Published: 2025-08-05 08:15 - Updated: 2025-09-04 15:37
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/204 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/204#issue-3256412774 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/204#issuecomment-3134774122 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318680 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318680 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622195 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0. Se ha clasificado como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo /admin/comment/list. La manipulaci\u00f3n del argumento \"Username\" provoca cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8551",
"lastModified": "2025-09-04T15:37:42.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T08:15:27.330",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issue-3256412774"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issuecomment-3134774122"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318680"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318680"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622195"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8550
Vulnerability from fkie_nvd - Published: 2025-08-05 07:15 - Updated: 2025-09-04 15:37
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/203 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/203#issue-3256392964 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/203#issuecomment-3134774288 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318679 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318679 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622194 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/topic/list. La manipulaci\u00f3n del argumento \"Username\" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8550",
"lastModified": "2025-09-04T15:37:31.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T07:15:36.087",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203#issue-3256392964"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203#issuecomment-3134774288"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318679"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318679"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622194"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8548
Vulnerability from fkie_nvd - Published: 2025-08-05 07:15 - Updated: 2025-09-03 13:28
Severity ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/202 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/202#issue-3256293499 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318677 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318677 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622186 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/202 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/202#issue-3256293499 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0, clasificada como problem\u00e1tica. Este problema afecta a la funci\u00f3n sendEmailCode del archivo src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java del componente Registered Email Handler. La manipulaci\u00f3n del argumento \"email\" provoca la exposici\u00f3n de informaci\u00f3n mediante un mensaje de error. El ataque puede iniciarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El identificador del parche es 234197c4f8fc7ce24bdcff5430cd42492f28936a. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8548",
"lastModified": "2025-09-03T13:28:37.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T07:15:35.627",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issue-3256293499"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318677"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318677"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622186"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issue-3256293499"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8549
Vulnerability from fkie_nvd - Published: 2025-08-05 07:15 - Updated: 2025-09-03 13:10
Severity ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/atjiu/pybbs/commit/d09cb19a8e7d7e5151282926ada54080244d499f | Patch | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/201 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/201#issue-3256288016 | Exploit, Issue Tracking | |
| cna@vuldb.com | https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216 | Issue Tracking | |
| cna@vuldb.com | https://vuldb.com/?ctiid.318678 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.318678 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.622187 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/201 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/201#issue-3256288016 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pybbs_project | pybbs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pybbs_project:pybbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "455E4B27-02C0-417D-96AD-5A55C782D946",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en atjiu pybbs hasta la versi\u00f3n 6.0.0. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/topic/list. La manipulaci\u00f3n del argumento \"Username\" provoca ataques de cross site scripting. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. Se recomienda aplicar un parche para solucionar este problema."
}
],
"id": "CVE-2025-8549",
"lastModified": "2025-09-03T13:10:57.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T07:15:35.867",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch"
],
"url": "https://github.com/atjiu/pybbs/commit/d09cb19a8e7d7e5151282926ada54080244d499f"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issue-3256288016"
},
{
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.318678"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.318678"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.622187"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issue-3256288016"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
CVE-2025-12297 (GCVE-0-2025-12297)
Vulnerability from cvelistv5 – Published: 2025-10-27 16:32 – Updated: 2025-10-27 17:26
VLAI?
Summary
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
huangweigang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12297",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T17:25:46.140407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T17:26:20.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs up to 6.0.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei UserApiController.java. Die Bearbeitung verursacht information disclosure. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T16:32:14.311Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329965 | atjiu pybbs UserApiController.java information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.329965"
},
{
"name": "VDB-329965 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329965"
},
{
"name": "Submit #675906 | pybbs \u003c=6.0.0 Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675906"
},
{
"tags": [
"exploit"
],
"url": "https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:56:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs UserApiController.java information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12297",
"datePublished": "2025-10-27T16:32:14.311Z",
"dateReserved": "2025-10-26T16:51:50.650Z",
"dateUpdated": "2025-10-27T17:26:20.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8814 (GCVE-0-2025-8814)
Vulnerability from cvelistv5 – Published: 2025-08-10 15:02 – Updated: 2025-08-12 19:13
VLAI?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:13:51.226709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:13:54.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 gefunden. Betroffen davon ist die Funktion setCookie der Datei src/main/java/co/yiiu/pybbs/util/CookieUtil.java. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T15:02:06.599Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319343 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319343"
},
{
"name": "VDB-319343 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319343"
},
{
"name": "Submit #622334 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622334"
},
{
"name": "Submit #622353 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622353"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/8aa2bb1aef3346e49aec6358edf5e47ce905ae7b"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs CookieUtil.java setCookie cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8814",
"datePublished": "2025-08-10T15:02:06.599Z",
"dateReserved": "2025-08-09T12:35:24.612Z",
"dateUpdated": "2025-08-12T19:13:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8813 (GCVE-0-2025-8813)
Vulnerability from cvelistv5 – Published: 2025-08-10 14:32 – Updated: 2025-08-12 19:17
VLAI?
Summary
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-601 - Open Redirect
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:16:59.605013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:17:04.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion changeLanguage der Datei src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. Dank Manipulation des Arguments referer mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als edb14ff13e9e05394960ba46c3d31d844ff2deac bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:32:06.046Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319342 | atjiu pybbs IndexController.java changeLanguage redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319342"
},
{
"name": "VDB-319342 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319342"
},
{
"name": "Submit #622333 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622333"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs IndexController.java changeLanguage redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8813",
"datePublished": "2025-08-10T14:32:06.046Z",
"dateReserved": "2025-08-09T12:35:21.968Z",
"dateUpdated": "2025-08-12T19:17:04.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8812 (GCVE-0-2025-8812)
Vulnerability from cvelistv5 – Published: 2025-08-10 14:02 – Updated: 2025-08-12 19:34
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:34:48.904714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:34:51.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Panel"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /api/settings der Komponente Admin Panel. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:02:06.299Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319341 | atjiu pybbs Admin Panel settings cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319341"
},
{
"name": "VDB-319341 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319341"
},
{
"name": "Submit #622331 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Stored XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622331"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Admin Panel settings cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8812",
"datePublished": "2025-08-10T14:02:06.299Z",
"dateReserved": "2025-08-09T12:35:08.941Z",
"dateUpdated": "2025-08-12T19:34:51.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8555 (GCVE-0-2025-8555)
Vulnerability from cvelistv5 – Published: 2025-08-05 09:32 – Updated: 2025-08-05 13:10
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:06:33.153598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:10:49.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /search. Durch die Manipulation des Arguments keyword mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:32:06.162Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318684 | atjiu pybbs search cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318684"
},
{
"name": "VDB-318684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318684"
},
{
"name": "Submit #622199 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622199"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issue-3256435530"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs search cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8555",
"datePublished": "2025-08-05T09:32:06.162Z",
"dateReserved": "2025-08-04T13:05:08.438Z",
"dateUpdated": "2025-08-05T13:10:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8554 (GCVE-0-2025-8554)
Vulnerability from cvelistv5 – Published: 2025-08-05 09:02 – Updated: 2025-08-05 13:13
VLAI?
Summary
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:12:19.124163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:00.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/user/list. Mit der Manipulation des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:02:06.967Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318683 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318683"
},
{
"name": "VDB-318683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318683"
},
{
"name": "Submit #622198 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622198"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issuecomment-3134773217"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issue-3256426074"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8554",
"datePublished": "2025-08-05T09:02:06.967Z",
"dateReserved": "2025-08-04T13:05:05.191Z",
"dateUpdated": "2025-08-05T13:13:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8553 (GCVE-0-2025-8553)
Vulnerability from cvelistv5 – Published: 2025-08-05 08:32 – Updated: 2025-08-05 13:13
VLAI?
Summary
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:13:27.874819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:47.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/sensitive_word/list. Dank Manipulation des Arguments word mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:32:06.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318682 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318682"
},
{
"name": "VDB-318682 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318682"
},
{
"name": "Submit #622197 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622197"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issuecomment-3134773560"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issue-3256420783"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8553",
"datePublished": "2025-08-05T08:32:06.027Z",
"dateReserved": "2025-08-04T13:05:02.376Z",
"dateUpdated": "2025-08-05T13:13:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8552 (GCVE-0-2025-8552)
Vulnerability from cvelistv5 – Published: 2025-08-05 08:02 – Updated: 2025-08-05 13:45
VLAI?
Summary
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:41:02.805530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:45:35.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/tag/list. Dank der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:02:05.841Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318681 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318681"
},
{
"name": "VDB-318681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318681"
},
{
"name": "Submit #622196 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622196"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issuecomment-3134773883"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issue-3256416772"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8552",
"datePublished": "2025-08-05T08:02:05.841Z",
"dateReserved": "2025-08-04T13:04:59.223Z",
"dateUpdated": "2025-08-05T13:45:35.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8551 (GCVE-0-2025-8551)
Vulnerability from cvelistv5 – Published: 2025-08-05 07:32 – Updated: 2025-08-05 14:30
VLAI?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8551",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:16:35.374648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:30:27.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /admin/comment/list. Durch Beeinflussen des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T07:32:05.984Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318680 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318680"
},
{
"name": "VDB-318680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318680"
},
{
"name": "Submit #622195 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622195"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issuecomment-3134774122"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issue-3256412774"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8551",
"datePublished": "2025-08-05T07:32:05.984Z",
"dateReserved": "2025-08-04T13:04:55.229Z",
"dateUpdated": "2025-08-05T14:30:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12297 (GCVE-0-2025-12297)
Vulnerability from nvd – Published: 2025-10-27 16:32 – Updated: 2025-10-27 17:26
VLAI?
Summary
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
huangweigang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12297",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T17:25:46.140407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T17:26:20.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "huangweigang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs up to 6.0.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei UserApiController.java. Die Bearbeitung verursacht information disclosure. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T16:32:14.311Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329965 | atjiu pybbs UserApiController.java information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.329965"
},
{
"name": "VDB-329965 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329965"
},
{
"name": "Submit #675906 | pybbs \u003c=6.0.0 Improper Control of Resource Identifiers",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675906"
},
{
"tags": [
"exploit"
],
"url": "https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:56:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs UserApiController.java information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12297",
"datePublished": "2025-10-27T16:32:14.311Z",
"dateReserved": "2025-10-26T16:51:50.650Z",
"dateUpdated": "2025-10-27T17:26:20.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8814 (GCVE-0-2025-8814)
Vulnerability from nvd – Published: 2025-08-10 15:02 – Updated: 2025-08-12 19:13
VLAI?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:13:51.226709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:13:54.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 gefunden. Betroffen davon ist die Funktion setCookie der Datei src/main/java/co/yiiu/pybbs/util/CookieUtil.java. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T15:02:06.599Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319343 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319343"
},
{
"name": "VDB-319343 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319343"
},
{
"name": "Submit #622334 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622334"
},
{
"name": "Submit #622353 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622353"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/8aa2bb1aef3346e49aec6358edf5e47ce905ae7b"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs CookieUtil.java setCookie cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8814",
"datePublished": "2025-08-10T15:02:06.599Z",
"dateReserved": "2025-08-09T12:35:24.612Z",
"dateUpdated": "2025-08-12T19:13:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8813 (GCVE-0-2025-8813)
Vulnerability from nvd – Published: 2025-08-10 14:32 – Updated: 2025-08-12 19:17
VLAI?
Summary
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-601 - Open Redirect
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:16:59.605013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:17:04.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion changeLanguage der Datei src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. Dank Manipulation des Arguments referer mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als edb14ff13e9e05394960ba46c3d31d844ff2deac bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:32:06.046Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319342 | atjiu pybbs IndexController.java changeLanguage redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319342"
},
{
"name": "VDB-319342 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319342"
},
{
"name": "Submit #622333 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622333"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs IndexController.java changeLanguage redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8813",
"datePublished": "2025-08-10T14:32:06.046Z",
"dateReserved": "2025-08-09T12:35:21.968Z",
"dateUpdated": "2025-08-12T19:17:04.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8812 (GCVE-0-2025-8812)
Vulnerability from nvd – Published: 2025-08-10 14:02 – Updated: 2025-08-12 19:34
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:34:48.904714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:34:51.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Panel"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /api/settings der Komponente Admin Panel. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:02:06.299Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319341 | atjiu pybbs Admin Panel settings cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319341"
},
{
"name": "VDB-319341 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319341"
},
{
"name": "Submit #622331 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Stored XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622331"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Admin Panel settings cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8812",
"datePublished": "2025-08-10T14:02:06.299Z",
"dateReserved": "2025-08-09T12:35:08.941Z",
"dateUpdated": "2025-08-12T19:34:51.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8555 (GCVE-0-2025-8555)
Vulnerability from nvd – Published: 2025-08-05 09:32 – Updated: 2025-08-05 13:10
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:06:33.153598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:10:49.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /search. Durch die Manipulation des Arguments keyword mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:32:06.162Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318684 | atjiu pybbs search cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318684"
},
{
"name": "VDB-318684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318684"
},
{
"name": "Submit #622199 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622199"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issue-3256435530"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs search cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8555",
"datePublished": "2025-08-05T09:32:06.162Z",
"dateReserved": "2025-08-04T13:05:08.438Z",
"dateUpdated": "2025-08-05T13:10:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8554 (GCVE-0-2025-8554)
Vulnerability from nvd – Published: 2025-08-05 09:02 – Updated: 2025-08-05 13:13
VLAI?
Summary
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:12:19.124163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:00.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/user/list. Mit der Manipulation des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:02:06.967Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318683 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318683"
},
{
"name": "VDB-318683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318683"
},
{
"name": "Submit #622198 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622198"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issuecomment-3134773217"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issue-3256426074"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8554",
"datePublished": "2025-08-05T09:02:06.967Z",
"dateReserved": "2025-08-04T13:05:05.191Z",
"dateUpdated": "2025-08-05T13:13:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8553 (GCVE-0-2025-8553)
Vulnerability from nvd – Published: 2025-08-05 08:32 – Updated: 2025-08-05 13:13
VLAI?
Summary
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:13:27.874819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:47.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/sensitive_word/list. Dank Manipulation des Arguments word mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:32:06.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318682 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318682"
},
{
"name": "VDB-318682 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318682"
},
{
"name": "Submit #622197 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622197"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issuecomment-3134773560"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issue-3256420783"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8553",
"datePublished": "2025-08-05T08:32:06.027Z",
"dateReserved": "2025-08-04T13:05:02.376Z",
"dateUpdated": "2025-08-05T13:13:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8552 (GCVE-0-2025-8552)
Vulnerability from nvd – Published: 2025-08-05 08:02 – Updated: 2025-08-05 13:45
VLAI?
Summary
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:41:02.805530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:45:35.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/tag/list. Dank der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:02:05.841Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318681 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318681"
},
{
"name": "VDB-318681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318681"
},
{
"name": "Submit #622196 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622196"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issuecomment-3134773883"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issue-3256416772"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8552",
"datePublished": "2025-08-05T08:02:05.841Z",
"dateReserved": "2025-08-04T13:04:59.223Z",
"dateUpdated": "2025-08-05T13:45:35.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8551 (GCVE-0-2025-8551)
Vulnerability from nvd – Published: 2025-08-05 07:32 – Updated: 2025-08-05 14:30
VLAI?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
ZAST.AI (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8551",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:16:35.374648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:30:27.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /admin/comment/list. Durch Beeinflussen des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T07:32:05.984Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318680 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318680"
},
{
"name": "VDB-318680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318680"
},
{
"name": "Submit #622195 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622195"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issuecomment-3134774122"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issue-3256412774"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8551",
"datePublished": "2025-08-05T07:32:05.984Z",
"dateReserved": "2025-08-04T13:04:55.229Z",
"dateUpdated": "2025-08-05T14:30:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}