Vulnerabilites related to atjiu - pybbs
CVE-2025-8554 (GCVE-0-2025-8554)
Vulnerability from cvelistv5
Published
2025-08-05 09:02
Modified
2025-08-05 13:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:12:19.124163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:00.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/user/list. Mit der Manipulation des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:02:06.967Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318683 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318683"
},
{
"name": "VDB-318683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318683"
},
{
"name": "Submit #622198 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622198"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issuecomment-3134773217"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/207#issue-3256426074"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8554",
"datePublished": "2025-08-05T09:02:06.967Z",
"dateReserved": "2025-08-04T13:05:05.191Z",
"dateUpdated": "2025-08-05T13:13:00.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8553 (GCVE-0-2025-8553)
Vulnerability from cvelistv5
Published
2025-08-05 08:32
Modified
2025-08-05 13:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:13:27.874819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:13:47.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in atjiu pybbs up to 6.0.0. This vulnerability affects unknown code of the file /admin/sensitive_word/list. The manipulation of the argument word leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/sensitive_word/list. Dank Manipulation des Arguments word mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:32:06.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318682 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318682"
},
{
"name": "VDB-318682 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318682"
},
{
"name": "Submit #622197 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622197"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issuecomment-3134773560"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/206#issue-3256420783"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8553",
"datePublished": "2025-08-05T08:32:06.027Z",
"dateReserved": "2025-08-04T13:05:02.376Z",
"dateUpdated": "2025-08-05T13:13:47.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8814 (GCVE-0-2025-8814)
Vulnerability from cvelistv5
Published
2025-08-10 15:02
Modified
2025-08-12 19:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:13:51.226709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:13:54.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 gefunden. Betroffen davon ist die Funktion setCookie der Datei src/main/java/co/yiiu/pybbs/util/CookieUtil.java. Mit der Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T15:02:06.599Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319343 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319343"
},
{
"name": "VDB-319343 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319343"
},
{
"name": "Submit #622334 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622334"
},
{
"name": "Submit #622353 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CSRF (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622353"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issuecomment-3134960777"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/211#issue-3256483043"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/8aa2bb1aef3346e49aec6358edf5e47ce905ae7b"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs CookieUtil.java setCookie cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8814",
"datePublished": "2025-08-10T15:02:06.599Z",
"dateReserved": "2025-08-09T12:35:24.612Z",
"dateUpdated": "2025-08-12T19:13:54.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8547 (GCVE-0-2025-8547)
Vulnerability from cvelistv5
Published
2025-08-05 05:32
Modified
2025-08-05 16:16
Severity ?
5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8547",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T16:15:16.577587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:16:15.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Email Verification Handler"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 044f22893bee254dc2bb0d30f614913fab3c22c2. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Email Verification Handler. Mittels Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 044f22893bee254dc2bb0d30f614913fab3c22c2 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T05:32:06.564Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318676 | atjiu pybbs Email Verification improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.318676"
},
{
"name": "VDB-318676 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318676"
},
{
"name": "Submit #622180 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Registration email is not verified",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622180"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/200"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/200#issuecomment-3134710486"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/200#issue-3256283647"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/044f22893bee254dc2bb0d30f614913fab3c22c2"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Email Verification improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8547",
"datePublished": "2025-08-05T05:32:06.564Z",
"dateReserved": "2025-08-04T13:04:44.659Z",
"dateUpdated": "2025-08-05T16:16:15.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8555 (GCVE-0-2025-8555)
Vulnerability from cvelistv5
Published
2025-08-05 09:32
Modified
2025-08-05 13:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8555",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:06:33.153598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:10:49.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /search. Durch die Manipulation des Arguments keyword mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T09:32:06.162Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318684 | atjiu pybbs search cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318684"
},
{
"name": "VDB-318684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318684"
},
{
"name": "Submit #622199 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622199"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/208#issue-3256435530"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs search cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8555",
"datePublished": "2025-08-05T09:32:06.162Z",
"dateReserved": "2025-08-04T13:05:08.438Z",
"dateUpdated": "2025-08-05T13:10:49.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8812 (GCVE-0-2025-8812)
Vulnerability from cvelistv5
Published
2025-08-10 14:02
Modified
2025-08-12 19:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:34:48.904714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:34:51.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Admin Panel"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /api/settings der Komponente Admin Panel. Dank der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:02:06.299Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319341 | atjiu pybbs Admin Panel settings cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319341"
},
{
"name": "VDB-319341 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319341"
},
{
"name": "Submit #622331 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Stored XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622331"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Admin Panel settings cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8812",
"datePublished": "2025-08-10T14:02:06.299Z",
"dateReserved": "2025-08-09T12:35:08.941Z",
"dateUpdated": "2025-08-12T19:34:51.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8549 (GCVE-0-2025-8549)
Vulnerability from cvelistv5
Published
2025-08-05 06:32
Modified
2025-08-05 13:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-521 - Weak Password Requirements
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8549",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:25:50.944731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:25:53.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issue-3256288016"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/201"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as d09cb19a8e7d7e5151282926ada54080244d499f. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in atjiu pybbs bis 6.0.0 ausgemacht. Dabei betrifft es die Funktion update der Datei src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. Durch Manipulieren mit unbekannten Daten kann eine weak password requirements-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als d09cb19a8e7d7e5151282926ada54080244d499f bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T06:32:06.410Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318678 | atjiu pybbs UserAdminController.java update weak password",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318678"
},
{
"name": "VDB-318678 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318678"
},
{
"name": "Submit #622187 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 No password security policy",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622187"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issuecomment-3134733216"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/201#issue-3256288016"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/d09cb19a8e7d7e5151282926ada54080244d499f"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs UserAdminController.java update weak password"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8549",
"datePublished": "2025-08-05T06:32:06.410Z",
"dateReserved": "2025-08-04T13:04:49.574Z",
"dateUpdated": "2025-08-05T13:25:53.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8552 (GCVE-0-2025-8552)
Vulnerability from cvelistv5
Published
2025-08-05 08:02
Modified
2025-08-05 13:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:41:02.805530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:45:35.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in atjiu pybbs bis 6.0.0 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/tag/list. Dank der Manipulation des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T08:02:05.841Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318681 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318681"
},
{
"name": "VDB-318681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318681"
},
{
"name": "Submit #622196 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622196"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issuecomment-3134773883"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/205#issue-3256416772"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8552",
"datePublished": "2025-08-05T08:02:05.841Z",
"dateReserved": "2025-08-04T13:04:59.223Z",
"dateUpdated": "2025-08-05T13:45:35.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8546 (GCVE-0-2025-8546)
Vulnerability from cvelistv5
Published
2025-08-05 05:02
Modified
2025-08-05 16:17
Severity ?
5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T16:17:27.801133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:17:39.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Verification Code Handler"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in atjiu pybbs bis 6.0.0 gefunden. Es betrifft die Funktion adminlogin/login der Komponente Verification Code Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine guessable captcha-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T05:02:06.125Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318675 | atjiu pybbs Verification Code login Captcha",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318675"
},
{
"name": "VDB-318675 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318675"
},
{
"name": "Submit #622179 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 CAPTCHA reuse Vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622179"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/199"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/199#issuecomment-3134573731"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/199#issue-3256276118"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Verification Code login Captcha"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8546",
"datePublished": "2025-08-05T05:02:06.125Z",
"dateReserved": "2025-08-04T13:04:37.413Z",
"dateUpdated": "2025-08-05T16:17:39.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8551 (GCVE-0-2025-8551)
Vulnerability from cvelistv5
Published
2025-08-05 07:32
Modified
2025-08-05 14:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8551",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:16:35.374648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:30:27.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /admin/comment/list. Durch Beeinflussen des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T07:32:05.984Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318680 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318680"
},
{
"name": "VDB-318680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318680"
},
{
"name": "Submit #622195 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622195"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issuecomment-3134774122"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/204#issue-3256412774"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8551",
"datePublished": "2025-08-05T07:32:05.984Z",
"dateReserved": "2025-08-04T13:04:55.229Z",
"dateUpdated": "2025-08-05T14:30:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8813 (GCVE-0-2025-8813)
Vulnerability from cvelistv5
Published
2025-08-10 14:32
Modified
2025-08-12 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - Open Redirect
Summary
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8813",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:16:59.605013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:17:04.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion changeLanguage der Datei src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. Dank Manipulation des Arguments referer mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als edb14ff13e9e05394960ba46c3d31d844ff2deac bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T14:32:06.046Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319342 | atjiu pybbs IndexController.java changeLanguage redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319342"
},
{
"name": "VDB-319342 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319342"
},
{
"name": "Submit #622333 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622333"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/210#issue-3256474679"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:40:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs IndexController.java changeLanguage redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8813",
"datePublished": "2025-08-10T14:32:06.046Z",
"dateReserved": "2025-08-09T12:35:21.968Z",
"dateUpdated": "2025-08-12T19:17:04.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8548 (GCVE-0-2025-8548)
Vulnerability from cvelistv5
Published
2025-08-05 06:02
Modified
2025-08-05 13:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T13:35:19.342578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:35:50.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issue-3256293499"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/atjiu/pybbs/issues/202"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Registered Email Handler"
],
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. The manipulation of the argument email leads to information exposure through error message. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 234197c4f8fc7ce24bdcff5430cd42492f28936a. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in atjiu pybbs bis 6.0.0 gefunden. Dies betrifft die Funktion sendEmailCode der Datei src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java der Komponente Registered Email Handler. Durch das Manipulieren des Arguments email mit unbekannten Daten kann eine information exposure through error message-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 234197c4f8fc7ce24bdcff5430cd42492f28936a bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Information Exposure Through Error Message",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T06:02:06.431Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318677 | atjiu pybbs Registered Email SettingsApiController.java sendEmailCode information exposure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318677"
},
{
"name": "VDB-318677 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318677"
},
{
"name": "Submit #622186 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Enumerate registered emails",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622186"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issuecomment-3134602615"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/202#issue-3256293499"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/234197c4f8fc7ce24bdcff5430cd42492f28936a"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs Registered Email SettingsApiController.java sendEmailCode information exposure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8548",
"datePublished": "2025-08-05T06:02:06.431Z",
"dateReserved": "2025-08-04T13:04:47.101Z",
"dateUpdated": "2025-08-05T13:35:50.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8550 (GCVE-0-2025-8550)
Vulnerability from cvelistv5
Published
2025-08-05 07:02
Modified
2025-08-05 15:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8550",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T15:54:07.264228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T15:54:25.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pybbs",
"vendor": "atjiu",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZAST.AI (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In atjiu pybbs bis 6.0.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /admin/topic/list. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T07:02:06.813Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318679 | atjiu pybbs list cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318679"
},
{
"name": "VDB-318679 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318679"
},
{
"name": "Submit #622194 | atjiu https://github.com/atjiu/pybbs \u003c=6.0.0 Reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622194"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203#issuecomment-3134774288"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/atjiu/pybbs/issues/203#issue-3256392964"
},
{
"tags": [
"patch"
],
"url": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T15:10:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "atjiu pybbs list cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8550",
"datePublished": "2025-08-05T07:02:06.813Z",
"dateReserved": "2025-08-04T13:04:52.440Z",
"dateUpdated": "2025-08-05T15:54:25.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}