{"id":6608,"date":"2025-06-09T08:38:03","date_gmt":"2025-06-09T08:38:03","guid":{"rendered":"http:\/\/localhost\/?p=6608"},"modified":"2025-06-09T08:38:03","modified_gmt":"2025-06-09T08:38:03","slug":"wukongopensource-wukongcrm-file-upload-adminsysconfigcontrollerjava-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6608","title":{"rendered":"WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nWuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-09T13:00:16.359Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nWuKongOpenSource<\/td>\n<\/tr>\n
Product<\/th>\nWukongCRM<\/td>\n<\/tr>\n
Version<\/th>\n9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability was discovered in WuKongCRM version 9.0. This issue affects the File Upload component in AdminSysConfigController.java, allowing remote attackers to execute scripts. The vendor has not responded to the disclosure.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWuKongOpenSource<\/td>\n<\/tr>\n
Product<\/th>\nWukongCRM<\/td>\n<\/tr>\n
Affected Version<\/th>\n9.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n