CVE-2025-15144 | dayrui XunRuiCMS up to 4.7.1 JSONP Callback /dayrui/Fcms/Init.php dr_show_error/dr_exit_msg callback cross site scripting

A vulnerability, which was classified as problematic, has been found in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting.

This vulnerability is handled as CVE-2025-15144. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More