CVE-2025-2491: Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting
First published: Tue Mar 18 2025(Updated: )
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ujcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2491?
CVE-2025-2491 is classified as a problematic vulnerability.
How do I fix CVE-2025-2491?
To fix CVE-2025-2491, update to a patched version of Dromara ujcms that addresses the cross-site scripting issue.
What component is affected by CVE-2025-2491?
CVE-2025-2491 affects the Edit Template File Page functionality in the WebFileTemplateController.java file.
What type of attack does CVE-2025-2491 involve?
CVE-2025-2491 involves a cross-site scripting (XSS) vulnerability.
In which version of Dromara ujcms is CVE-2025-2491 present?
CVE-2025-2491 is present in Dromara ujcms version 9.7.5.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/source
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- vendor/dromara
- canonical/ujcms