CVE-2025-3387 MEDIUM

CVE-2025-3387: renrenio renren-security JSON cross site scripting

Vendor Renrenio
Product renren-security
Weakness CWE-79 · XSS
Published April 7, 2025
Last update April 8, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

April 7, 2025 CVE published
April 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-66468 Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE CVE-2025-12670 wp-twitpic <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-1005 WP Statistics < 13.2.2 - Reflected Cross-Site Scripting