Skip to main content
CVE-2025-7789 LOW POC PATCH Monitor

Token generation in Xuxueli xxl-job up to version 3.1.1 uses password hashing with insufficient computational effort (weak bcrypt configuration or equivalent), allowing attackers to crack authentication tokens through brute force. The vulnerability affects the makeToken function in IndexController.java and has low practical impact (confidentiality impact only, no integrity or availability damage), but exploitation requires high attack complexity and is not known to be actively exploited at scale despite public disclosure of the vulnerability.

Information Disclosure Java Xxl Job
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2025-7788 LOW POC Monitor

OS command injection in Xuxueli xxl-job up to version 3.1.1 allows authenticated remote attackers to execute arbitrary operating system commands via the commandJobHandler function in SampleXxlJob.java. The vulnerability has a publicly available exploit and is rated critical by the discoverer, though the CVSS 4.0 score of 2.1 reflects limited scope (authenticated access required, low confidentiality/integrity/availability impact). With EPSS at 0.71% (72nd percentile), real-world exploitation probability is low despite public POC availability.

Command Injection Xxl Job
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-7787 LOW POC Monitor

Server-side request forgery in Xuxueli xxl-job up to version 3.1.1 allows authenticated remote attackers to perform SSRF attacks via the httpJobHandler function, enabling access to internal network resources. The vulnerability has a low CVSS score (2.1) due to required authentication and limited confidentiality impact, but publicly available exploit code exists and should be remediated promptly in affected deployments.

SSRF Xxl Job
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7785 LOW POC PATCH Monitor

Open redirect in JeeSite's SSO controller allows remote attackers to redirect users to arbitrary external URLs by manipulating the redirect parameter, exploiting user trust to facilitate phishing or credential theft attacks. Affects JeeSite up to version 5.12.0. Publicly available exploit code exists and requires user interaction (clicking a malicious link), but no active exploitation in the wild has been confirmed. CVSS score is low (2.1) due to UI requirement and limited impact, though EPSS (0.11%) indicates minimal real-world exploitation probability.

Java Open Redirect Jeesite
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7802 LOW POC Monitor

Reflected cross-site scripting (XSS) in PHPGurukul Complaint Management System 2.0 allows authenticated users to inject malicious scripts via the Search parameter in /admin/complaint-search.php. The vulnerability requires user interaction (victim clicks malicious link) and authenticated access, limiting its real-world impact despite public exploit availability. EPSS score of 0.05% indicates very low exploitation probability in practice.

PHP XSS Complaint Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7791 LOW POC Monitor

Stored cross-site scripting (XSS) in PHPGurukul Online Security Guards Hiring System 1.0 allows authenticated attackers to inject malicious scripts via the searchdata parameter in /admin/search.php, which are executed in the context of other users' browsers. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting but not preventing exploitation. Publicly available exploit code exists, though real-world risk remains low due to authentication and interaction requirements combined with a very low EPSS score of 0.05%.

PHP XSS Online Security Guards Hiring System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7767 LOW POC Monitor

Reflected cross-site scripting (XSS) in PHPGurukul Art Gallery Management System 1.1 allows authenticated attackers to inject malicious scripts via the artmed parameter in /admin/edit-art-medium-detail.php. The vulnerability requires user interaction (UI:P) and valid login credentials (PR:L) but impacts only integrity of the admin interface. Publicly available exploit code exists, though EPSS probability remains very low at 0.05%, suggesting limited real-world exploitation despite disclosure.

PHP XSS Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-7786 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in Gnuboard g6 up to version 6.0.10 allows authenticated remote attackers to inject arbitrary JavaScript into the Post Reply Handler component at /bbs/scrap_popin_update/qa/ path, requiring user interaction for exploitation. The vulnerability has been publicly disclosed with exploit code available; however, the low EPSS score (0.05%, 15th percentile) and CVSS 2.0 rating suggest limited real-world exploitation probability despite public availability of proof-of-concept.

XSS Gnuboard
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-7798 LOW Monitor

SQL injection in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System versions up to 8.2 allows authenticated remote attackers to execute arbitrary SQL queries via manipulation of the Struccture_ID parameter in the /admin/system/structure/getdirectorydata/web/baseinfo/companyManage endpoint. Despite critical severity designation in the description, CVSS 4.0 scoring reflects low confidentiality and integrity impact (CVSS:4.0 with VC:L/VI:L/VA:L), and EPSS exploitation probability is extremely low at 0.04% (12th percentile), indicating this attack requires valid authentication and specific deployment context. Public exploit disclosure exists (E:P flag), but no active exploitation confirmed in CISA KEV.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy