CVE-2025-3152: caipeichao ThinkOX Search search.html cross site scripting
First published: Thu Apr 03 2025(Updated: )
A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ThinkOX |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3152?
CVE-2025-3152 is classified as a problematic cross-site scripting vulnerability.
How do I fix CVE-2025-3152?
To fix CVE-2025-3152, sanitize user input for the 'keywords' parameter to prevent cross-site scripting.
What components are affected by CVE-2025-3152?
CVE-2025-3152 affects the Search component of the ThinkOX application.
What type of vulnerability is CVE-2025-3152?
CVE-2025-3152 is a cross-site scripting (XSS) vulnerability.
In which file is CVE-2025-3152 found?
CVE-2025-3152 is found in the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/source
- agent/tags
- agent/event
- vendor/caipeichao
- canonical/thinkox