Which versions of Xuxueli are affected by EUVD-2025-19213?

Organizations using A vulnerability classified as problematic should be aware of moderate risk from CVE-2025-6700, a cross-site scripting vulnerability rated CVSS 4.3.

Is there a public PoC exploit available for EUVD-2025-19213?

Yes, a public proof-of-concept exploit is available for EUVD-2025-19213. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-19213?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

Xuxueli EUVD-2025-19213

Q: What is the CVSS score of EUVD-2025-19213?

EUVD-2025-19213 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2025-6700 LOW

Cross-site Scripting (XSS) (CWE-79)

2025-06-26 cna@vuldb.com

GHSA-2jfg-73q2-24qv

XSS

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

4.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2025-19213

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

PoC Detected

Sep 15, 2025 - 14:02 vuln.today

Public exploit code

CVE Published

Jun 26, 2025 - 16:15 nvd

MEDIUM 4.3

DescriptionCVE.org

A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

EUVD-2025-19213 vulnerability details – vuln.today

Back