CVE-2025-15451
Stored XSS in xnx3 wangmarket System Variables Page

Publication date: 2026-01-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in xnx3 wangmarket up to version 4.9. The issue affects an unknown function of the file /admin/system/variableSave.do in the System Variables Page component. Manipulation of the argument Description results in cross-site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-01-05
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-01-05
EPSS Evaluated: 2026-05-25
Affected Vendors & Products (1 associated CPE)
Vendor: xnx3
Product: wangmarket
Version / Range: from 4.0 (inclusive) up to 4.9
CWE IDs and Descriptions
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-15451 is a stored Cross-Site Scripting (XSS) vulnerability in the xnx3 wangmarket application up to version 4.9. It occurs in the System Variables Page, specifically in the /admin/system/variableSave.do file, where the Description argument is not properly sanitized. Attackers can inject malicious JavaScript code into system variables, which is then stored persistently. When administrators or users view the system variable list, the malicious script executes in their browsers, potentially leading to session hijacking or cookie theft. Exploitation requires authentication and user interaction, and a public proof-of-concept exploit is available. [1, 3]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of authenticated users, such as administrators. This can lead to theft of cookies, session hijacking, and other malicious activities that compromise data integrity and user sessions. Since the malicious code is stored persistently, it can repeatedly affect users who access the vulnerable interface. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking for attempts to exploit the /admin/system/variableSave.do interface by monitoring HTTP requests that manipulate the Description parameter with suspicious scripts or XSS payloads. Since the vulnerability requires authentication and user interaction, reviewing web server logs for POST requests to /admin/system/variableSave.do containing script tags or unusual input in the Description field can help. There is no specific command provided, but using tools like grep or log analysis to search for 'Description=' with script tags in access logs may be effective. [1, 3]
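
As an added detection example (not from the advisory, VulDB, or the wangmarket project), the following Python scans log lines for POST requests to /admin/system/variableSave.do whose Description value contains script-like content, including percent-encoded and HTML-entity-encoded variants. It assumes a constructed log format in which the decoded form body is appended as a trailing quoted field (ordinary access logs do not record POST bodies, so a WAF, reverse-proxy or application log is the realistic source); the sample lines are constructed.

```python
import html
import re
from urllib.parse import parse_qs

TARGET_PATH = "/admin/system/variableSave.do"   # endpoint named in the advisory
TARGET_PARAM = "Description"                    # parameter named in the advisory

# Assumed (constructed) log format: combined log with the decoded request body
# appended as a final quoted field. Adapt LINE_RE to the real log source.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) "(?P<body>[^"]*)"$'
)
# Heuristic CWE-79 signatures: script-capable tags, on* event handlers, javascript: URLs.
XSS_RE = re.compile(
    r"<\s*/?\s*(script|iframe|svg|object|embed)\b|\bon\w+\s*=|javascript\s*:", re.I
)

def scan_line(line):
    """Return a finding for a suspicious write to the endpoint, or None."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != TARGET_PATH:
        return None
    params = parse_qs(m["body"], keep_blank_values=True)  # percent-decodes values
    for value in params.get(TARGET_PARAM, []):
        # html.unescape so entity-encoded variants such as &lt;script&gt; are caught too
        if XSS_RE.search(html.unescape(value)):
            return {"ip": m["ip"], "user": m["user"], "time": m["time"], "value": value}
    return None

def scan_log(text):
    """Scan every line of a log; returns findings in file order."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]

# Constructed sample traffic (not real logs): one benign save, two suspicious saves.
SAMPLE_LOG = """\
10.0.0.5 - admin [05/Jan/2026:10:01:02 +0000] "POST /admin/system/variableSave.do HTTP/1.1" 200 "name=site_title&Description=Main+site"
10.0.0.7 - admin [05/Jan/2026:10:03:15 +0000] "POST /admin/system/variableSave.do HTTP/1.1" 200 "name=footer&Description=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
10.0.0.9 - - [05/Jan/2026:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 "-"
10.0.0.8 - admin [05/Jan/2026:10:05:30 +0000] "POST /admin/system/variableSave.do HTTP/1.1" 200 "name=banner&Description=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} user={f['user']} {TARGET_PARAM}={f['value']!r}")
```

Each finding records the authenticated user that performed the write, which matters here because exploitation requires an authenticated session and the hit should be followed up with that account.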


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /admin/system/variableSave.do interface to trusted users only, implementing strict input validation and sanitization on the Description parameter if possible, and monitoring for suspicious activity. Since no vendor patch or fix is available and the vendor did not respond, it is recommended to consider replacing the affected product with a more secure alternative. Additionally, educating users to avoid interacting with suspicious inputs and applying web application firewalls (WAF) rules to block XSS payloads targeting this endpoint can help reduce risk. [3]

