CVE-2025-8550

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-8550
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8550.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8550
Published
2025-08-05T07:15:36.087Z
Modified
2025-12-03T15:03:12.449175Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

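A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross-site scripting (XSS). The attack can be launched remotely; per the CVSS vector above (PR:L/UI:R), it requires a low-privileged account and interaction by a victim user. The exploit has been disclosed to the public and may be used. The patch is commit 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22 in the atjiu/pybbs repository. It is recommended to apply this patch to fix the issue. Note that the affected-range data below records no Fixed event, so tools that match on commit ranges will treat every commit as affected; confirm that the patch commit is present in the deployed source rather than relying on a version number.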

References

Affected packages

Git / github.com/atjiu/pybbs

Affected ranges

Type
GIT
Repo
https://github.com/atjiu/pybbs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

jfinalbbs2.*

jfinalbbs2.0
jfinalbbs2.1
jfinalbbs2.2

pybbs-4.*

pybbs-4.0-beta

pybbs2.*

pybbs2.5
pybbs2.5-lastest
pybbs2.6

pybbs4.*

pybbs4.0-release

v5.*

v5.0
v5.1.0
v5.2.0
v5.2.1

v6.*

v6.0.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "154515023191952805527644514962031232057",
                "321772059736531356415222279805480118870",
                "172973264671170614226514506957631309973",
                "282196970589789320543264581569541213029",
                "184817336078675804217088777645890793326",
                "257752354572212207157368595203983667118",
                "28162324821521462986622117583544964184",
                "116541499609015607586711617204417440642",
                "21607132647509620328625163912345681902",
                "245217046536196265519028674852234505206",
                "311863007350041230256275292703680537386",
                "225582793651850731572273798966618439912",
                "328095272460947663135026253909590195894"
            ]
        },
        "id": "CVE-2025-8550-085c7555",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "163086160569840106189498629922255428787",
                "335520857597872101282590041029685319423",
                "200041728258169796348617878246012077083",
                "340268249772306678661702884498796475803",
                "167794275093476039164343731107728269614",
                "212439685361556398299925485376142989886",
                "321246391961120513058303182523458248872",
                "42740343461446530740216998236196624006",
                "77336419164744385804103617540169688620",
                "113185728859408963399010045409561547509",
                "218024211985399896225120871355985789025",
                "337098527738226495043926617988965104508",
                "104175801317812961607061975476693352902",
                "157245577958898714205600809464595500470",
                "117053070060782531814300170629027964203",
                "337098527738226495043926617988965104508",
                "284423354215036720393223329075978452003"
            ]
        },
        "id": "CVE-2025-8550-2195939a",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/co/yiiu/pybbs/service/impl/TopicService.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "33757605131593692891682484738389612867",
            "length": 498.0
        },
        "id": "CVE-2025-8550-3e98909d",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "update",
            "file": "src/main/java/co/yiiu/pybbs/service/impl/TopicService.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "54866396996849192557801018288785269645",
            "length": 721.0
        },
        "id": "CVE-2025-8550-5b838cfd",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "edit",
            "file": "src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "201225344371347179517679841018058665276",
            "length": 1044.0
        },
        "id": "CVE-2025-8550-81131bab",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "insert",
            "file": "src/main/java/co/yiiu/pybbs/service/impl/TopicService.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211915273478505027619365225248069392383",
                "300123578666287814198039331663370554158",
                "204062456961529089821200715078343013180",
                "255271259488069035248687080232674833367",
                "86467021402370453411673731480069832556",
                "300290895455099468114152210746319724037"
            ]
        },
        "id": "CVE-2025-8550-83fe192c",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/co/yiiu/pybbs/config/WebMvcConfig.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "34289077484815429234410437331674137403",
                "308701945943245334810327979783651838296",
                "332766317282924199261978838055568665564",
                "796311716009406497067065152305257964",
                "326058694272447232937314183709878341225",
                "325859569939448727932909151605128828512",
                "87625554708906938471871436777190299585",
                "31793503983562041172223751294403457475",
                "9195617551029167329421920726918604032"
            ]
        },
        "id": "CVE-2025-8550-ac5d0290",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/co/yiiu/pybbs/controller/front/IndexController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "62698769324753302385596140076391917951",
                "2559585070317455597470679587481317635",
                "76813255969637073205029377566685279949",
                "338234444931927059918728754025181933635",
                "297095741573940173065022843861672266697",
                "125219472835134418942642578628798039800",
                "224321821286733079753013577363777398172",
                "196336666332582744453966203387962957612",
                "62341967402990930692339688186174274067"
            ]
        },
        "id": "CVE-2025-8550-d5e0adb0",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/main/java/co/yiiu/pybbs/controller/admin/TopicAdminController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "230917333793041158978282581371646075709",
            "length": 390.0
        },
        "id": "CVE-2025-8550-eb7747f8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "update",
            "file": "src/main/java/co/yiiu/pybbs/controller/admin/TopicAdminController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "264195909325454872761525859038790002554",
            "length": 340.0
        },
        "id": "CVE-2025-8550-f425af89",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "search",
            "file": "src/main/java/co/yiiu/pybbs/controller/front/IndexController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "44366403874493174511268013695921861179",
            "length": 652.0
        },
        "id": "CVE-2025-8550-fa0b77ee",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "create",
            "file": "src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java"
        },
        "source": "https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22",
        "signature_type": "Function"
    }
]

Git / github.com/tomoya92/pybbs

Affected ranges

Type
GIT
Repo
https://github.com/tomoya92/pybbs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected