CVE-2025-51965
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| harbin_weicheng_technology | yidacms | 3.8.1 |
| harbin_weicheng_technology | wechat_diamond_paid_voting_system | 5.0.0 |
| harbin_weicheng_technology | ourphp | 8.6.1 |
| harbin_weicheng_technology | yiqi-yap | * |
| harbin_weicheng_technology | yiqi-ui | 3.1 |
| harbin_weicheng_technology | php-t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in OURPHP versions up to 8.6.1. It occurs in the "Name" field of the "Complete Profile" feature on the "My User Center" page, which is accessible after user registration via the front-end interface. An attacker could exploit this by injecting malicious scripts into the "Name" field, which would then be executed in the context of other users viewing the profile.
How can this vulnerability impact me? :
This XSS vulnerability can allow attackers to execute malicious scripts in the browsers of users who view the affected profile. This can lead to theft of session cookies, defacement, redirection to malicious sites, or other malicious actions performed on behalf of the victim user.