CVE-2025-7803 MEDIUM

CVE-2025-7803: descreekert wx-discuz wx.php validToken cross site scripting

Vendor Descreekert
Product wx-discuz
Weakness CWE-79 · XSS
Published July 18, 2025
Last update July 22, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Key dates

02Disclosure timeline

July 18, 2025 CVE published
July 22, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-22109 DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title CVE-2023-25796 WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-64196 WordPress Booster for WooCommerce plugin <= 7.2.5 - Cross Site Scripting (XSS) vulnerability CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability