CVE-2025-14801 xiweicheng TMS create createComment cross site scripting

🗓️ 17 Dec 2025 02:02:06Reported by VulDBType

CVE-2025-14801: xiweicheng TMS remote cross site scripting via createComment in /admin/blog/comment/create up to 2.28.0.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-14801	17 Dec 202515:48	–	circl
CNNVD	TMS 代码注入漏洞	17 Dec 202500:00	–	cnnvd
CVE	CVE-2025-14801	17 Dec 202502:02	–	cve
EUVD	EUVD-2025-203862	17 Dec 202502:02	–	euvd
NVD	CVE-2025-14801	17 Dec 202502:16	–	nvd
OSV	CVE-2025-14801	17 Dec 202502:16	–	osv
Positive Technologies	PT-2025-51799	17 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-14801	18 Dec 202502:37	–	redhatcve
Vulnrichment	CVE-2025-14801 xiweicheng TMS create createComment cross site scripting	17 Dec 202502:02	–	vulnrichment

[
  {
    "vendor": "xiweicheng",
    "product": "TMS",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      },
      {
        "version": "2.6",
        "status": "affected"
      },
      {
        "version": "2.7",
        "status": "affected"
      },
      {
        "version": "2.8",
        "status": "affected"
      },
      {
        "version": "2.9",
        "status": "affected"
      },
      {
        "version": "2.10",
        "status": "affected"
      },
      {
        "version": "2.11",
        "status": "affected"
      },
      {
        "version": "2.12",
        "status": "affected"
      },
      {
        "version": "2.13",
        "status": "affected"
      },
      {
        "version": "2.14",
        "status": "affected"
      },
      {
        "version": "2.15",
        "status": "affected"
      },
      {
        "version": "2.16",
        "status": "affected"
      },
      {
        "version": "2.17",
        "status": "affected"
      },
      {
        "version": "2.18",
        "status": "affected"
      },
      {
        "version": "2.19",
        "status": "affected"
      },
      {
        "version": "2.20",
        "status": "affected"
      },
      {
        "version": "2.21",
        "status": "affected"
      },
      {
        "version": "2.22",
        "status": "affected"
      },
      {
        "version": "2.23",
        "status": "affected"
      },
      {
        "version": "2.24",
        "status": "affected"
      },
      {
        "version": "2.25",
        "status": "affected"
      },
      {
        "version": "2.26",
        "status": "affected"
      },
      {
        "version": "2.27",
        "status": "affected"
      },
      {
        "version": "2.28.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/ha1yu-Yiqiyin/warehouse/blob/main/TMS_v2.28.0_XSS-1.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

17 Dec 2025 02:02Current

CVSS 3.12.4

CVSS 32.4

CVSS 23.3

CVSS 44.8

EPSS0.00235