CVE-2025-6700 – Xuxueli xxl-sso Remote Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-6700

Published : June 26, 2025, 4:15 p.m. | 51 minutes ago

Description : A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6701 – Xuxueli xxl-sso Open Redirect Vulnerability

Next Article CVE-2025-6699 – LabRedesCefetRJ WeGIA Cross Site Scripting Vulnerability

Highlights

CVE-2024-3509 – WSO2 Management Console Stored XSS

June 2, 2025

CVE ID : CVE-2024-3509

Published : June 2, 2025, 5:15 p.m. | 2 hours, 9 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section.
To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users.

While this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-6700 – Xuxueli xxl-sso Remote Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Your Agentforce Readiness Assessment

PC & Xbox Series X|S Games Teased at Sony’s June 2025 State of Play [Release Date & Trailers]

Automating REST APIs with Selenium and Postman

New Linux Security Flaw Can Bypass Disk Encryption

CVE-2024-3509 – WSO2 Management Console Stored XSS

CVE-2024-11299 – Memberpress WordPress Sensitive Information Exposure

AI is returning to Taco Bell and McDonald’s drive-thrus – will customers bite this time?

How to Connect to Hilton WiFi (Step-by-Step)

CVE-2025-6700 – Xuxueli xxl-sso Remote Cross-Site Scripting Vulnerability

Related Posts