CVE 4.8 MEDIUM

atjiu pybbs Admin Panel settings cross site scripting_CVE-2025-8812

August 10, 2025 invoker category_cve

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.

AI Analysis

A cross-site scripting (XSS) vulnerability was found in the Admin Panel settings of atjiu pybbs up to version 6.0.0. This vulnerability allows remote attackers to inject malicious scripts via the /api/settings endpoint. It is recommended to apply the patch to fix this issue.

Basic Information

ID CVE-2025-8812

Source VulDB

Published Aug 10, 2025 at 14:02

Affected Product

Vendor atjiu

Product pybbs

Version 6.0

Affected Versions atjiu pybbs 6.0

CWE Classification

CWE-79 CWE-94

AI Assessment

AI Severity Medium

Vendor atjiu

Product pybbs

Version 6.0

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.",
    "published": "2025-08-10T14:02:06.299Z",
    "modified": "2025-08-10T14:02:06.299Z",
    "type": "cve",
    "title": "atjiu pybbs Admin Panel settings cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319341\nhttps://vuldb.com/?ctiid.319341\nhttps://vuldb.com/?submit.622331\nhttps://github.com/atjiu/pybbs/issues/209\nhttps://github.com/atjiu/pybbs/issues/209#issuecomment-3134772651\nhttps://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
    "id": "CVE-2025-8812",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "atjiu pybbs 6.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pybbs",
    "version": "6.0",
    "vendor": "atjiu",
    "ai_description": "A cross-site scripting (XSS) vulnerability was found in the Admin Panel settings of atjiu pybbs up to version 6.0.0. This vulnerability allows remote attackers to inject malicious scripts via the /api/settings endpoint. It is recommended to apply the patch to fix this issue.",
    "ai_severity": "Medium",
    "ai_vendor": "atjiu",
    "ai_product": "pybbs",
    "ai_version": "6.0",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply