pojoin h3blog add cross site scripting_CVE-2025-13181

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-13181

Source VulDB

Published Nov 14, 2025 at 20:02

Modified Nov 14, 2025 at 21:23

Affected Product

Vendor pojoin

Product h3blog

Version 1.0

Affected Versions pojoin h3blog 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-11-14T20:02:05.900Z",
    "modified": "2025-11-14T21:23:50.197Z",
    "type": "cve",
    "title": "pojoin h3blog add cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332471\nhttps://vuldb.com/?ctiid.332471\nhttps://vuldb.com/?submit.684887\nhttps://github.com/caigo8/CVE-md/blob/main/h3blog/xss4.md\nhttps://github.com/caigo8/CVE-md/blob/main/h3blog/xss4.md#vulnerability-reproduction",
    "id": "CVE-2025-13181",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "pojoin h3blog 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "h3blog",
    "version": "1.0",
    "vendor": "pojoin",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}