CVE-2025-15144
Cross-Site Scripting in dayrui XunRuiCMS JSONP Handler
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dayrui | xunruicms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in dayrui XunRuiCMS up to version 4.7.1, specifically in the JSONP Callback Handler component. It involves the functions dr_show_error and dr_exit_msg in the file /dayrui/Fcms/Init.php. The vulnerability is caused by improper handling of the 'callback' argument, which can be manipulated to perform a cross-site scripting (XSS) attack. This means an attacker can inject malicious scripts that execute in the context of the victim's browser. The attack can be initiated remotely, and a public exploit is available.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to execute malicious scripts in the context of your users' browsers. This can lead to issues such as session hijacking, defacement, or redirection to malicious sites. Since the attack is remotely exploitable and a public exploit exists, the risk of exploitation is increased. The vulnerability does not impact confidentiality or availability, but it does affect integrity to a limited extent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows cross-site scripting (XSS) attacks that can lead to session hijacking, credential theft, and unauthorized access to user data, it could potentially result in violations of data protection requirements under such regulations if exploited. No direct statements about compliance impact or regulatory consequences are given. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying whether your XunRuiCMS installation (version 4.7.1 or earlier) is vulnerable to reflected XSS via the JSONP callback parameter. One way to detect it is by sending crafted HTTP GET requests with a malicious callback parameter and observing whether the response reflects the callback parameter without sanitization. For example, you can use curl to test the vulnerability: `curl "http://[target]/index.php?s=api&c=api&m=test&callback=alert(document.cookie)//"` and check whether the response contains the unsanitized callback parameter executing JavaScript. Additionally, attackers may use Google dorking with the query `inurl:dayrui/Fcms/Init.php` to identify vulnerable targets. Monitoring HTTP responses for reflected callback parameters without sanitization can help detect exploitation attempts. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict validation and sanitization of the 'callback' parameter to allow only safe JavaScript function names. For example, use a whitelist regex such as `/^[a-zA-Z_][a-zA-Z0-9_]*$/` to validate the callback parameter before outputting it. If you cannot patch the code immediately, consider disabling or restricting access to the vulnerable endpoints to prevent exploitation. Ultimately, upgrading to a version of XunRuiCMS that fixes this issue or replacing the CMS with a secure alternative is recommended. Since the vendor has not responded, applying custom sanitization as shown in the recommended fix is critical. [2, 3]
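The following Python example is added here to illustrate both the detection approach and the mitigation approach described in the two answers above; it is not code from XunRuiCMS, from the advisory, or from VulDB. It assumes a generic JSONP endpoint (the `jsonp_response` helper is hypothetical) and a constructed set of Apache/Nginx-style access-log lines; the only detail taken from the page is the whitelist regex `^[a-zA-Z_][a-zA-Z0-9_]*$` for the callback name. It goes slightly beyond the page by also setting the JSON/JavaScript content types and `X-Content-Type-Options: nosniff`, which are general JSONP hardening measures rather than something the advisory states.

```python
import json
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Whitelist from the mitigation guidance: a callback must be a plain JavaScript identifier.
CALLBACK_RE = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_]*$")


def is_safe_callback(name: str) -> bool:
    """True only when the callback is a bare identifier (no parentheses, quotes, slashes, tags)."""
    return bool(name) and CALLBACK_RE.fullmatch(name) is not None


def jsonp_response(payload: dict, callback: Optional[str]) -> Tuple[int, Dict[str, str], str]:
    """Hypothetical hardened JSON/JSONP responder: returns (status, headers, body).

    A callback that fails the whitelist is rejected with HTTP 400 instead of
    being reflected into the response body, which is the defect class (CWE-79/CWE-94)
    described in the advisory.
    """
    body_json = json.dumps(payload)
    headers = {"X-Content-Type-Options": "nosniff"}  # stop browsers sniffing the body as HTML
    if callback is None:
        headers["Content-Type"] = "application/json; charset=utf-8"
        return 200, headers, body_json
    if not is_safe_callback(callback):
        headers["Content-Type"] = "application/json; charset=utf-8"
        return 400, headers, json.dumps({"error": "invalid callback name"})
    headers["Content-Type"] = "application/javascript; charset=utf-8"
    # Leading comment keeps the body from being interpreted as anything but script.
    return 200, headers, f"/**/{callback}({body_json});"


# Detection side: extract the request path from common-log-format lines.
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')


def find_suspicious_callbacks(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, decoded_callback) for requests whose callback parameter
    is not a plain identifier, i.e. the shape a reflected-XSS probe against a JSONP
    endpoint takes. Percent-encoding is decoded before the check so encoded
    payloads are not missed."""
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(log_lines, start=1):
        match = LOG_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlparse(match.group("path")).query, keep_blank_values=True)
        for value in query.get("callback", []):
            if not is_safe_callback(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not real traffic); line 2 carries the probe shown on this page.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Dec/2025:10:00:01 +0000] "GET /index.php?s=api&c=api&m=test&callback=jQuery123_cb HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Dec/2025:10:00:02 +0000] "GET /index.php?s=api&c=api&m=test&callback=alert%28document.cookie%29%2F%2F HTTP/1.1" 200 530',
    '198.51.100.4 - - [28/Dec/2025:10:00:03 +0000] "GET /index.php?s=api&c=api&m=test HTTP/1.1" 200 400',
    '198.51.100.4 - - [28/Dec/2025:10:00:04 +0000] "GET /index.php?s=api&c=api&m=test&callback=%3Cscript%3E HTTP/1.1" 200 530',
]

if __name__ == "__main__":
    for line_no, value in find_suspicious_callbacks(SAMPLE_LOG):
        print(f"line {line_no}: rejected callback {value!r}")
    status, _, body = jsonp_response({"ok": True}, "jQuery123_cb")
    print(status, body)
```

Run against a real access log by replacing `SAMPLE_LOG` with the file's lines; any hit is a request that a properly validated endpoint would have answered with 400, so hits on an unpatched installation are worth correlating with the response sizes and source addresses in the same log.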