Reconnecting to live updates…

CVE-2025-15200: Cross Site Scripting in SohuTV CacheCloud

Medium

VulnerabilityCVE-2025-15200cve cve-2025-15200

Published: Mon Dec 29 2025 (12/29/2025, 18:32:06 UTC)

Source: CVE Database V5

Vendor/Project: SohuTV

Product: CacheCloud

Description

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-28T10:16:36.231Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6952cc6671a94549f14e1023

Added to database: 12/29/2025, 6:45:58 PM

Last updated: 12/29/2025, 8:04:20 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.