CVE-2025-2209: aitangbao springboot-manager add cross site scripting
First published: Tue Mar 11 2025(Updated: )
A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| aitangbao springboot-manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2209?
CVE-2025-2209 is classified as a problematic vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2025-2209?
To fix CVE-2025-2209, implement input validation and sanitization for the argument name in the affected function.
What software is affected by CVE-2025-2209?
CVE-2025-2209 affects the aitangbao springboot-manager version 3.0.
Can CVE-2025-2209 be exploited remotely?
Yes, CVE-2025-2209 can be exploited remotely through crafted input leading to cross-site scripting.
What kind of attack can be launched through CVE-2025-2209?
CVE-2025-2209 allows for cross-site scripting (XSS) attacks due to improper handling of user input.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/aitangbao
- canonical/aitangbao springboot-manager