CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3257 – xujiangfei admintwo updateSet cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-3257
04 Apr 2025 — A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/CSRF.md • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3256 – xujiangfei admintwo updateSet access control
https://notcve.org/view.php?id=CVE-2025-3256
04 Apr 2025 — A vulnerability was found in xujiangfei admintwo 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/updateSet. The manipulation of the argument email leads to improper access controls. The attack may be launched remotely. • https://github.com/caigo8/CVE-md/blob/main/admintwo/%E6%B0%B4%E5%B9%B3%E8%B6%8A%E6%9D%83.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3255 – xujiangfei admintwo home access control
https://notcve.org/view.php?id=CVE-2025-3255
04 Apr 2025 — A vulnerability was found in xujiangfei admintwo 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/home. The manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. • https://github.com/caigo8/CVE-md/blob/main/admintwo/%E6%9C%AA%E6%8E%88%E6%9D%83%E7%94%A8%E6%88%B7%E4%BF%A1%E6%81%AF%E9%81%8D%E5%8E%86.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3254 – xujiangfei admintwo add server-side request forgery
https://notcve.org/view.php?id=CVE-2025-3254
04 Apr 2025 — A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. • https://github.com/caigo8/CVE-md/blob/main/admintwo/SSRF.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3253 – xujiangfei admintwo insertTree cross site scripting
https://notcve.org/view.php?id=CVE-2025-3253
04 Apr 2025 — A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3252 – xujiangfei admintwo add cross site scripting
https://notcve.org/view.php?id=CVE-2025-3252
04 Apr 2025 — A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3251 – xujiangfei admintwo updateSet cross site scripting
https://notcve.org/view.php?id=CVE-2025-3251
04 Apr 2025 — A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •