CVE-2025-14007
BaseFortify
Publication date: 2025-12-04
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xunruicms | xunruicms | up to 4.7.1 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in dayrui XunRuiCMS up to version 4.7.1 in the Domain Name Binding Page component, specifically in the file /admin79f2ec220c7e.php. It allows an attacker to perform cross-site scripting (XSS) by manipulating input parameters. The attack can be executed remotely but is considered difficult due to high complexity. The exploit is publicly available.
How can this vulnerability impact me?
The vulnerability can lead to cross-site scripting attacks, which may allow attackers to inject malicious scripts into web pages viewed by other users. This can result in unauthorized actions performed on behalf of users, session hijacking, or defacement of the website. However, the impact is limited as the CVSS scores indicate low severity and the attack complexity is high, making exploitation difficult.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves testing the vulnerable endpoint `/admin79f2ec220c7e.php?c=api&m=demo&name=mobile` for cross-site scripting (XSS) by sending crafted requests that include script payloads in parameters to see if they are reflected without proper sanitization. Since the vulnerability is related to URL redirection causing remote XSS, you can use tools like curl or browser-based testing to send requests with typical XSS payloads and observe the response. For example, a command to test might be: `curl -v 'http://target/admin79f2ec220c7e.php?c=api&m=demo&name=mobile<script>alert(1)</script>'` and check if the script is executed or reflected in the response. Additionally, web vulnerability scanners that support XSS detection can be used to automate this process. Note that exploitation requires authentication and user interaction, so testing should be done with valid credentials and in a controlled environment. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint `/admin79f2ec220c7e.php?c=api&m=demo&name=mobile` by applying strict authentication and authorization controls, disabling or removing the affected component if possible, and implementing web application firewall (WAF) rules to detect and block typical XSS payloads targeting this endpoint. Since no official patches or vendor responses are available, consider replacing or upgrading the affected product if a fixed version becomes available. Additionally, monitor for any suspicious activity related to this endpoint and educate users about the risks of interacting with untrusted links. Applying input validation and output encoding on the server side is recommended once source code access is possible. [2]