Vulnerability Details CVE-2025-25908
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2025-25908
-
cpe:2.3:a:tianti_project:tianti:2.3