CVE-2025-0706 MEDIUM

CVE-2025-0706: JoeyBling bootplus admin.html cross site scripting

Vendor Joeybling
Product bootplus
Weakness CWE-79 · XSS
Published January 24, 2025
Last update January 24, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Key dates

02Disclosure timeline

January 24, 2025 CVE published
January 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter CVE-2021-24268 JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS CVE-2021-38348 Advance Search <= 1.1.2 Reflected Cross-Site Scripting CVE-2023-47518 WordPress Restrict Categories Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS) CVE-2024-58292 XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates