CVE-2025-3532: YouDianCMS index.html.Attackers cross site scripting
First published: Sun Apr 13 2025(Updated: )
A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| YouDianCMS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3532?
CVE-2025-3532 is classified as a problematic vulnerability affecting YouDianCMS.
How does CVE-2025-3532 exploit the system?
CVE-2025-3532 exploits the system through cross-site scripting by manipulating the OrderNumber argument.
What is the affected software version for CVE-2025-3532?
CVE-2025-3532 affects YouDianCMS version 9.5.21.
What are the potential impacts of CVE-2025-3532?
The potential impacts include unauthorized code execution and data theft through cross-site scripting.
How can I mitigate CVE-2025-3532?
To mitigate CVE-2025-3532, ensure input validation and sanitation to prevent injection of malicious scripts.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/youdiancms
- canonical/youdiancms