CVE-2025-6551: Cross Site Scripting in java-aodeng Hope-Boot
Description
A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-23T20:07:53.997Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 685a0560dec26fc862d8cf83
Added to database: 6/24/2025, 1:54:40 AM
Last updated: 6/24/2025, 1:54:40 AM