Platform
php
Component
forestblog
Fixed in
20250321.0.1
A cross-site scripting (XSS) vulnerability, rated as problematic, has been identified in Sayski ForestBlog in versions released up to 20250321. The flaw is in the /search functionality: the 'keywords' argument is not properly neutralized before it is written into the response, so a remote attacker can place script content in that parameter. The issue has been publicly disclosed and a patch is available.
Successful exploitation of CVE-2025-3004 lets an attacker run script of their choosing in the browser of a ForestBlog user who submits, or is lured into submitting, attacker-controlled keywords to /search. The script executes in the origin of the blog, so it can be used to hijack the victim's session, deface what the victim sees, redirect them to attacker-controlled sites, or capture credentials and other personal data entered into the page. Because this is XSS, the victims are the users who interact with the vulnerable /search endpoint; the server itself is not compromised directly.
This vulnerability was publicly disclosed on 2025-03-31. A proof-of-concept exploit is likely available given the public disclosure. The CVSS severity is LOW, which is consistent with an XSS that needs a victim's interaction and has limited direct impact on the server. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Exploit Status
EPSS: 0.16% (37th percentile)
The primary mitigation for CVE-2025-3004 is to upgrade to version 20250321.0.1 or later. If upgrading is not immediately feasible, apply interim measures: disable or remove the search functionality until the upgrade can be applied, or make sure the 'keywords' value is HTML-encoded (for example with htmlspecialchars) everywhere it is written into the /search response, since output encoding, not input filtering alone, is what stops XSS. A web application firewall (WAF) tuned to block common XSS payloads against /search adds a layer of defence, but WAF rules can be bypassed and should not be the only control. After upgrading, confirm the fix by searching for a term that contains HTML metacharacters (such as <, > and ") and checking in the page source that they come back encoded rather than rendered as markup; also verify that ordinary searches still return results.
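The post-upgrade check described above, as an added Python example that is not part of ForestBlog or of this advisory. It assumes, since the page does not say so, that the search page is reached as GET /search?keywords=term and that the submitted term is echoed somewhere in the HTML; the sample response bodies are constructed for illustration, not captured from a real instance. The marker contains the characters that must be encoded but never executes anything, so the check is safe to run against a production site.

```python
"""Post-upgrade check for the CVE-2025-3004 reflection point in ForestBlog's /search.

Added example, not ForestBlog's own code. Assumptions not stated on the page:
the search page is reached as GET /search?keywords=<term> and the submitted
term is echoed somewhere in the HTML response. The sample bodies below are
constructed for illustration, not captured from a real instance.
"""
import html
import sys
import urllib.parse
import urllib.request

# Harmless marker: unique enough not to collide with page content, and it
# carries the characters (", > and <) that must be encoded in an HTML text
# or attribute context. It never executes anything, even if reflected raw.
MARKER = 'cve3004chk"><s>x</s>'


def build_search_url(base_url: str, keywords: str) -> str:
    """Return the /search URL with the keywords value URL-encoded."""
    query = urllib.parse.urlencode({"keywords": keywords})
    return f"{base_url.rstrip('/')}/search?{query}"


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Say how the response echoes the marker.

    'unencoded' -> the raw marker appears verbatim: still vulnerable
    'partial'   -> echoed with only some metacharacters encoded: inspect manually
    'encoded'   -> only the HTML-escaped form appears: output encoding is in place
    'absent'    -> the term is not echoed at all (not reflected, or request blocked)
    The worst verdict over all occurrences wins.
    """
    prefix = marker.split('"', 1)[0]           # alphanumeric lead-in, survives any encoding
    escaped = html.escape(marker, quote=True)  # what htmlspecialchars-style encoding yields
    verdicts = set()
    start = 0
    while (idx := body.find(prefix, start)) != -1:
        rest = body[idx:]
        if rest.startswith(marker):
            verdicts.add("unencoded")
        elif rest.startswith(escaped):
            verdicts.add("encoded")
        else:
            verdicts.add("partial")
        start = idx + len(prefix)
    for verdict in ("unencoded", "partial", "encoded"):
        if verdict in verdicts:
            return verdict
    return "absent"


def fetch_body(url: str, timeout: float = 10.0) -> str:
    """GET the URL and return the decoded body (only used against a live instance)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


# Constructed sample responses standing in for a vulnerable and a patched /search page.
VULNERABLE_BODY = (
    '<h2>Search results for: cve3004chk"><s>x</s></h2>\n'
    '<input name="keywords" value="cve3004chk"><s>x</s>">'
)
PATCHED_BODY = (
    '<h2>Search results for: cve3004chk&quot;&gt;&lt;s&gt;x&lt;/s&gt;</h2>\n'
    '<input name="keywords" value="cve3004chk&quot;&gt;&lt;s&gt;x&lt;/s&gt;">'
)
PARTIAL_BODY = '<h2>Results for: cve3004chk"&gt;&lt;s&gt;x&lt;/s&gt;</h2>'  # quote left raw


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check.py https://blog.example
        url = build_search_url(sys.argv[1], MARKER)
        print(url, "->", classify_reflection(fetch_body(url)))
    for name, body in (("vulnerable", VULNERABLE_BODY), ("patched", PATCHED_BODY),
                       ("partial", PARTIAL_BODY)):
        print(f"{name:10s} -> {classify_reflection(body)}")
```

An 'absent' verdict is not proof of a fix: a WAF block page or a search that simply does not echo the term both produce it, so look at the raw response in that case. A 'partial' verdict usually means the term is encoded in one context (text) but not another (attribute value or script), which is still exploitable.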
CVE-2025-3004 is a cross-site scripting (XSS) vulnerability affecting Sayski ForestBlog versions up to 20250321. It allows attackers to inject malicious scripts through the 'keywords' parameter of the /search endpoint.
You are affected if you are using Sayski ForestBlog version 20250321 or earlier. Check your version and upgrade immediately if vulnerable.
Upgrade to version 20250321.0.1 or later to resolve the vulnerability. Until then, disabling the search feature or HTML-encoding the 'keywords' value wherever the /search page outputs it is a temporary workaround.
While active exploitation is not confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the Sayski ForestBlog official website or security advisory page for the latest information and updates regarding CVE-2025-3004.