CVE-2025-15149

LOW EPSS 10.8%

Published Dec 28, 20256mo ago · Modified Jun 17, 20261w ago

1.9 CVSS 4.0

Low

Published Dec 28, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

1.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

10.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 4

github.com https://github.com/zyhzheng500-maker/cve/blob/main/%E5%AD%98%E5%82%A8%E5%9E%8BXss.md
vuldb.com https://vuldb.com/?ctiid.338526
vuldb.com https://vuldb.com/?id.338526
vuldb.com https://vuldb.com/?submit.716583

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.