CVE-2025-4839

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4839

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4839.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4839

Published

2025-05-17T22:15:19Z

Modified

2025-06-07T03:52:59.750503Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/itwanger/paicoding

Affected ranges

Type: GIT
Repo: https://github.com/itwanger/paicoding
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1738436dbd71777b0cb4d5914b8c41875a34c459

Last affected

1fecb6e3135b07e664c3b546ceb74a167c0501f6

Last affected

c03d00f053ddbc3cf5b849afcec6af3f9d8771f0

Last affected

cc528f8d8b4139a41f18c180fd0a0015489e741f

Affected versions

1.*

1.0.0

1.0.1