CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/07 9:18 a.m.•4 views

CVE-2025-1186

A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...

9.8CVSS7AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:18 a.m.•8 views

CVE-2025-1177

A vulnerability was found in dayrui XunRuiCMS 4.6.3. It has been classified as critical. Affected is the function importadd of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to...

9.8CVSS6.8AI score0.00201EPSS

RedhatCVE•added 2025/12/29 5:1 p.m.•1 views

CVE-2025-15144

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function drshowerror/drexitmsg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

6.1CVSS3.6AI score0.00025EPSS

EUVD•added 2025/12/28 6:30 p.m.•2 views

EUVD-2025-205520

5.3CVSS5.2AI score0.00025EPSS

OSV•added 2025/12/28 5:16 p.m.•0 views

CVE-2025-15144

6.1CVSS4.1AI score0.00025EPSS

NVD•added 2025/12/28 5:16 p.m.•2 views

CVE-2025-15144

6.1CVSS0.00025EPSS

Cvelist•added 2025/12/28 4:32 p.m.•17 views

CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting

5.3CVSS0.00025EPSS

ATTACKERKB•added 2025/12/28 4:32 p.m.•1 views

CVE-2025-15144

6.1CVSS3.9AI score0.00025EPSS

Exploits1References4Affected Software1

CVE•added 2025/12/28 4:32 p.m.•4 views

CVE-2025-15144

Summary: CVE-2025-15144 affects dayrui XunRuiCMS (up to 4.7.1) in the JSONP Callback Handler. The vulnerability stems from manipulation of the callback argument in the function dr_show_error/dr_exit_msg within /dayrui/Fcms/Init.php, enabling cross-site scripting. Exploitation can be performed rem...

6.1CVSS3.6AI score0.00025EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2025/12/28 4:32 p.m.•1 views

CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting

5.3CVSS3.6AI score0.00025EPSS

CNNVD•added 2025/12/28 12:0 a.m.•1 views

XunRuiCMS 跨站脚本漏洞

XunRuiCMS XunRuiCMS is a content management system for individual developers of XunRuiCMS. A code injection vulnerability exists in XunRuiCMS 4.7.1 and earlier versions, which originates from the incorrect operation of the parameter callback in the file /dayrui/Fcms/Init.php, which may lead to...

6.1CVSS5.5AI score0.00025EPSS

Positive Technologies•added 2025/12/28 12:0 a.m.•2 views

PT-2025-53660

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A flaw exists in dayrui XunRuiCMS that allows for cross site scripting. The issue is located in the JSONP Callback Handler component, specifically within the dr show error/dr exit msg function ...

6.1CVSS5.2AI score0.00025EPSS

Exploits1References10

RedhatCVE•added 2025/12/05 3:27 p.m.•1 views

CVE-2025-14006

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field=add=site=1=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to cross site...

6.1CVSS5.3AI score0.00026EPSS

RedhatCVE•added 2025/12/05 3:27 p.m.•3 views

CVE-2025-14007

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api=demo=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high complexity...

6.1CVSS5.1AI score0.00032EPSS

RedhatCVE•added 2025/12/05 3:27 p.m.•1 views

CVE-2025-14008

A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api=testsitedomain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery. It is possible to initiate the...

7.2CVSS6.6AI score0.00061EPSS

RedhatCVE•added 2025/12/05 1:33 p.m.•2 views

CVE-2025-14005

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field=add=site=1=0 of the component Add Display Name Field. Executing a manipulation of the argument dataname can lead to cross site...

6.1CVSS3AI score0.00032EPSS

EUVD•added 2025/12/04 3:30 p.m.•1 views

EUVD-2025-201188

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

5.1CVSS5AI score0.00026EPSS

EUVD•added 2025/12/04 3:30 p.m.•3 views

EUVD-2025-201187

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high...

2CVSS4.7AI score0.00032EPSS

EUVD•added 2025/12/04 3:30 p.m.•2 views

EUVD-2025-201160

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display Name Field. Executing manipulation of the argument dataname can lead to...

4.8CVSS2.7AI score0.00032EPSS