CVE-2025-5513 MEDIUM

CVE-2025-5513: quequnlong shiyi-blog add cross site scripting

Vendor Quequnlong
Product shiyi-blog
Weakness CWE-79 · XSS
Published June 3, 2025
Last update June 3, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 3, 2025 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-52472 WordPress Weather Atlas Widget plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-37919 WordPress Timeline Module for Beaver Builder plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface CVE-2024-3675 Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes CVE-2024-30555 WordPress Ultimate Social Comments plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability