CVE Details
Basic Information
| Title | java-aodeng Hope-Boot WebController.java login cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-06-24T01:31:08.210Z |
| Last Seen |
Product Information
| Vendor | java-aodeng |
|---|---|
| Product | Hope-Boot |
| Version | 1.0.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in the login function of Hope-Boot 1.0.0, allowing remote attackers to inject malicious scripts via the errorMsg argument. |
|---|---|
| AI Severity | Medium |
| Vendor | java-aodeng |
| Product | Hope-Boot |
| Affected Version | 1.0.0 |
Affected Products
- java-aodeng Hope-Boot 1.0.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family |
References
Description
A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.