CVE-2025-5523

LOW

enilu web-flash 1.0 - XSS

Title source: llm

Description

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 1,870 stars

by enilu · javawriteup

https://gitee.com/enilu/web-flash/issues/ICAXTM

References (4)

[Exploit, Issue Tracking] https://gitee.com/enilu/web-flash/issues/ICAXTM

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.310959

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.310959

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.585342

Scores

CVSS v3 3.5

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

enilu/web-flash 1.0

Published Jun 03, 2025

Tracked Since Feb 18, 2026