CVE-2025-15094
Unknown Unknown - Not Provided
Reflected XSS in FlyCMS User Login redirectUrl Parameter

Publication date: 2025-12-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15094
EUVD
EUVD-2025-205405
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sunkaifei flycms *
sunkaifei flycms 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15094 is a reflected Cross-Site Scripting (XSS) vulnerability in the FlyCMS application, specifically in the userLogin function of the UserController.java file. The vulnerability occurs because the redirectUrl parameter is not properly sanitized or encoded before being included in the login page. This allows an attacker to craft a malicious URL containing JavaScript code in the redirectUrl parameter, which is then executed in the victim's browser when they visit the URL. This can lead to arbitrary script execution in the context of the user's session. [1, 2, 3]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript code in the browsers of users who visit a specially crafted URL. Potential impacts include session hijacking, theft of user credentials, defacement of the website, or other malicious actions performed on behalf of the user. Since the attack can be launched remotely without authentication, it poses a significant risk to users interacting with the affected FlyCMS login page. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP GET request to the /login endpoint with a malicious redirectUrl parameter containing a script payload, then observing if the payload is reflected unencoded in the response. For example, using curl or Python requests to send a request like: curl 'http://<target>/login?redirectUrl="><script>alert(1)</script>' and checking if the script tag appears in the response body unescaped. A proof-of-concept in Python using the requests library is available that demonstrates this detection method. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding use of the vulnerable FlyCMS version or disabling the affected /login endpoint if possible. Since no official patch or fix is available, consider implementing input validation and output encoding for the redirectUrl parameter to prevent script injection. Additionally, monitor and restrict access to the vulnerable endpoint and educate users about the risk of clicking suspicious links. Considering alternative products or applying web application firewall (WAF) rules to block malicious payloads targeting the redirectUrl parameter can also help reduce risk. [2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15094. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart