CVE-2025-5523 MEDIUM

CVE-2025-5523: enilu web-flash File Upload upload fileService.upload cross site scripting

Vendor Enilu
Product web-flash
Weakness CWE-79 · XSS
Published June 3, 2025
Last update June 3, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 3, 2025 CVE published
June 3, 2025 Record updated

Related vulnerabilities

04Related CVE