VDB-339080 · CVE-2025-15372 · GCVE-100-339080

youlaitech vue3-element-admin ଯେପର୍ଯ୍ୟନ୍ତ 3.4.0 Notice index.vue କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame youlaitech vue3-element-admin ଯେପର୍ଯ୍ୟନ୍ତ 3.4.0 keessatti argameera. Miidhamni argame is hojii hin beekamne faayilii src/views/system/notice/index.vue keessa kutaa Notice Handler keessa. Wanti jijjiirame gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-79 si geessa. Odeeffannoon kun yeroo 12/30/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2025-15372 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 102 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/30/2025 07:44 PM	ଅଦ୍ୟତନ 1/2 12/31/2025 07:14 PM	ଅଦ୍ୟତନ 2/2 01/15/2026 07:34 AM
software_vendor	youlaitech	youlaitech	youlaitech
software_name	vue3-element-admin	vue3-element-admin	vue3-element-admin
software_version	<=3.4.0	<=3.4.0	<=3.4.0
software_component	Notice Handler	Notice Handler	Notice Handler
software_file	src/views/system/notice/index.vue	src/views/system/notice/index.vue	src/views/system/notice/index.vue
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept	https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept
source_cve	CVE-2025-15372	CVE-2025-15372	CVE-2025-15372
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	H	H	H
cvss4_vuldb_ui	P	P	P
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	3.2
cvss3_meta_tempscore	2.2	2.3	3.1
cvss4_vuldb_bscore	4.8	4.8	4.8
cvss4_vuldb_btscore	1.9	1.9	1.9
advisory_date	1767049200 (12/30/2025)	1767049200 (12/30/2025)	1767049200 (12/30/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.	A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		H	H
cvss4_cna_ui		P	P
cvss4_cna_vc		N	N
cvss4_cna_vi		L	L
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		4.8	4.8
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		H	H
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cvss3_cna_basescore		2.4	2.4
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		M	M
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		N	N
cvss2_cna_basescore		3.3	3.3
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_nvd_basescore			4.8
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			R
cvss3_nvd_s			C

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!