CVE-2025-4000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?ctiid.306336", "name": "VDB-306336 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.306336", "name": "VDB-306336 | Seeyon Zhiyuan OA Web Application System ssoproxy.jsp cross site scripting", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.558067", "name": "Submit #558067 | Seeyon Zhiyuan OA Web Application System V8.1 SP2 Cross Site Scripting", "tags": [], "refsource": ""}, {"url": "https://wx.mail.qq.com/s?k=g1PB2UUAekANSMkHzr", "name": "https://wx.mail.qq.com/s?k=g1PB2UUAekANSMkHzr", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\\opt\\Seeyon\\A8\\ApacheJetspeed\\webapps\\seeyon\\ssoproxy\\jsp\\ssoproxy.jsp. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-4000", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}}, "publishedDate": "2025-04-28T04:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-28T04:15Z"}