CVE-2025-9591

LOW

ZrLog <= 3.1.5 - Cross-Site Scripting via Theme Configuration Form FooterLink

Title source: llm
STIX 2.1

Description

A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4
Core References
Issue Tracking exploit issue-tracking
https://github.com/SaaS5SaaS/CVE/issues/3
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.321765
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.321765
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.636176

Scores

CVSS v3 2.4
EPSS 0.0026
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (6)
n/a/ZrLog 3.1.0
n/a/ZrLog 3.1.1
n/a/ZrLog 3.1.2
n/a/ZrLog 3.1.3
n/a/ZrLog 3.1.4
n/a/ZrLog 3.1.5
Published Aug 28, 2025
Tracked Since Feb 18, 2026