CVE-2025-15221
Unknown Unknown - Not Provided
Cross-Site Scripting in SohuTV CacheCloud AppDataMigrateController

Publication date: 2025-12-30

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-12-30
EPSS Evaluated
2026-05-05
NVD
CVE-2025-15221
EUVD
EUVD-2025-205690
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sohutv cachecloud 3.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in SohuTV CacheCloud up to version 3.2.0, specifically in the function index of the file AppDataMigrateController.java. It allows for cross-site scripting (XSS) attacks, meaning an attacker can inject malicious scripts that run in the context of a user's browser. The vulnerability can be exploited remotely, and an exploit has already been published.


How can this vulnerability impact me? :

The vulnerability can lead to cross-site scripting attacks, which may allow attackers to execute malicious scripts in users' browsers. This can result in unauthorized actions performed on behalf of users, potential theft of session tokens or other sensitive information, and compromise of user interactions with the affected application.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending crafted HTTP requests to the vulnerable endpoint `/data/migrate/index` with malicious payloads in parameters such as `migrateMachine`. For example, using curl or similar tools, you can send a POST request with a payload containing a script injection attempt like `X" tabindex="1" autoFOCuS onFocus=alert("zast-xss")//`. Observing the HTTP response for execution or presence of injected scripts indicates the vulnerability. A proof-of-concept uses a Python requests session to automate this detection. Example command: curl -X POST 'http://<target>/data/migrate/index' -d 'migrateMachine=X" tabindex="1" autoFOCuS onFocus=alert("zast-xss")//' -H 'Content-Type: application/x-www-form-urlencoded'. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding use of the vulnerable CacheCloud version 3.2.0 or earlier, as no official patch or fix has been released. Restrict access to the vulnerable endpoint `/data/migrate/index` by applying network-level controls such as firewall rules or web application firewall (WAF) rules to block or sanitize requests containing suspicious input. Additionally, consider replacing CacheCloud with an alternative product until a fix is available. Monitoring for exploitation attempts is also recommended. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart