Longlong Gong

34 exploits Active since Mar 2025
CVE-2025-3965 WRITEUP LOW WRITEUP
itwanger paicoding 1.0.3 - Stored Cross-Site Scripting via /article/app/post Content Argument
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-3966 WRITEUP MEDIUM WRITEUP
itwanger paicoding 1.0.3 - Info Disclosure
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2025-3967 WRITEUP MEDIUM WRITEUP
itwanger paicoding 1.0.3 - Auth Bypass
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 5.4
CVE-2025-5509 WRITEUP MEDIUM WRITEUP
quequnlong shiyi-blog <1.2.1 - Path Traversal
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5510 WRITEUP MEDIUM WRITEUP
quequnlong shiyi-blog <1.2.1 - SSRF
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5511 WRITEUP MEDIUM WRITEUP
quequnlong shiyi-blog <1.2.1 - Info Disclosure
A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-5512 WRITEUP HIGH WRITEUP
quequnlong shiyi-blog <1.2.1 - Auth Bypass
A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-5513 WRITEUP LOW WRITEUP
shiyi-blog < 1.2.1 - Stored Cross-Site Scripting via Comment Content Parameter
A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.5
CVE-2025-2040 WRITEUP MEDIUM WRITEUP
zhijiantianya ruoyi-vue-pro 2.4.1 - XSS
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-2206 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/permission Name Parameter
A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. This affects an unknown part of the file /sys/permission. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2207 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/dept Name Parameter
A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. This vulnerability affects unknown code of the file /sys/dept. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2208 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via Filename Handler
A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. This issue affects some unknown processing of the file /sysFiles/upload of the component Filename Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2209 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDict/add Name Parameter
A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2210 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysJob/add Name Parameter
A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2211 WRITEUP LOW WRITEUP
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sysDictDetail/add Name Parameter
A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-2707 WRITEUP MEDIUM WRITEUP
zhijiantianya ruoyi-vue-pro 2.4.1 - Path Traversal via Front-End Store Interface
A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4
CVE-2025-2708 WRITEUP MEDIUM WRITEUP
ruoyi-vue-pro 2.4.1 - Path Traversal via Backend File Upload Interface
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4
CVE-2025-2742 WRITEUP MEDIUM WRITEUP
ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4
CVE-2025-2743 WRITEUP MEDIUM WRITEUP
ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface
A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-2744 WRITEUP MEDIUM WRITEUP
ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4
CVE-2025-3325 WRITEUP MEDIUM WRITEUP
iteaj iboot 1.1.3 - Improper Access Control in Admin Password Handler
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2025-3326 WRITEUP LOW WRITEUP
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-3327 WRITEUP LOW WRITEUP
iteaj iboot 1.1.3 - Cross-Site Scripting via File Upload
A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-3965 WRITEUP LOW WRITEUP
itwanger paicoding 1.0.3 - Stored Cross-Site Scripting via /article/app/post Content Argument
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-3966 WRITEUP MEDIUM WRITEUP
itwanger paicoding 1.0.3 - Info Disclosure
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3