Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2025/08/12 12:29 p.m.15 views

CVE-2025-8808

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated...

5.3CVSS7.5AI score0.00279EPSS
Exploits0References1
OSV
OSV
added 2025/08/10 11:32 a.m.5 views

CVE-2025-8807 xujeff tianti 天梯 save authorization

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed...

5.3CVSS6.1AI score0.00369EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/03/15 2:15 a.m.9 views

CVE-2025-25907

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8.8CVSS8AI score0.00211EPSS
Exploits1References1
NVD
NVD
added 2025/03/10 10:15 p.m.12 views

CVE-2025-25907

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8.8CVSS0.00211EPSS
Exploits1References1
CVE
CVE
added 2025/03/10 12:0 a.m.61 views

CVE-2025-25908

CVE-2025-25908 affects tianti v2.3 with a stored XSS in the coverImageURL parameter at /article/ajax/save. Root cause: unsanitized input in the coverImageURL field leading to arbitrary web scripts/HTML execution. Impact: potential exposure of user data due to crafted payloads; CVSS 3.1 base score...

5.4CVSS5.7AI score0.00252EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/10 12:0 a.m.4 views

CVE-2025-25907

tianti v2.3 was discovered to contain a Cross-Site Request Forgery CSRF via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request...

8.8CVSS7.9AI score0.00211EPSS
Exploits1References3
OSV
OSV
added 2025/03/10 12:0 a.m.2 views

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

5.4CVSS5.7AI score0.00252EPSS
Exploits1References3
Rows per page
Query Builder