CVE-2025-10274 MEDIUM

CVE-2025-10274: erjinzhi 10OA item cross site scripting

Vendor Erjinzhi
Product 10OA
Weakness CWE-79 · XSS
Published September 12, 2025
Last update September 12, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

September 12, 2025 CVE published
September 12, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14128 Stumble! for WordPress <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] CVE-2026-20075 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability CVE-2023-22710 WordPress Return and Warranty Management System for WooCommerce Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS) CVE-2023-0432 CVE-2023-0432 CVE-2024-54039 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)