Platform: php
Component: forestblog
Fixed in: 20250321.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in Sayski ForestBlog, affecting versions released up to 20250321. This vulnerability resides within the /search functionality and can be exploited remotely by manipulating the 'keywords' argument. The issue has been publicly disclosed and a patch is available.
Successful exploitation of CVE-2025-3004 allows an attacker to inject malicious scripts into the ForestBlog application. This can lead to session hijacking, defacement of the website, or redirection of users to malicious sites. The attacker could potentially steal sensitive user data, including login credentials and personal information. Given the XSS nature, the impact is primarily focused on users interacting with the vulnerable /search endpoint.
This vulnerability was publicly disclosed on 2025-03-31. A proof-of-concept exploit is likely available given the public disclosure. The CVSS score is LOW, suggesting that exploitation may require specific conditions or user interaction. It is not currently listed on CISA KEV.
Websites utilizing Sayski ForestBlog, particularly those with publicly accessible search functionality, are at risk. Shared hosting environments where multiple websites share the same ForestBlog installation are especially vulnerable, as a compromise of one site could potentially impact others.
• php / web:
  grep -r 'keywords' /var/www/html/search.php | grep -i '<script'
• generic web:
  curl -I 'https://example.com/search?keywords=<script>alert(1)</script>' | grep -i 'X-XSS-Protection'
  (The URL must be quoted, otherwise the shell treats < and > as redirections. Note also that X-XSS-Protection only toggles a legacy browser filter; its presence or absence does not establish whether the reflected 'keywords' value is encoded on output.)
EPSS: 0.16% (percentile 37%)
The primary mitigation for CVE-2025-3004 is to immediately upgrade to version 20250321.0.1 or later. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the 'keywords' parameter within the /search endpoint. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting the /search endpoint can provide an additional layer of protection. After upgrade, confirm functionality by testing the /search endpoint with various inputs to ensure no unexpected behavior.
Update ForestBlog to a version later than 20250321 that fixes the cross-site scripting (XSS) vulnerability. If no such version is available, it is recommended to disable or remove the search functionality until a fix is published. As a temporary measure, thorough validation and sanitization of user input in the /search script can be implemented.
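As an added illustration of the interim mitigation described in the two paragraphs above (example code, not ForestBlog's own; the search.php handler, the function names and the 100-character cap are assumptions), a hypothetical handler showing the reflected-output bug beside its hardened form:

```php
<?php
// Added example, not ForestBlog's code: a hypothetical search.php handler.
declare(strict_types=1);

// Vulnerable pattern: the raw 'keywords' value is concatenated into HTML,
// so whatever the query string carries is reflected straight to the browser.
function renderResultsVulnerable(string $keywords): string
{
    return '<h2>Results for: ' . $keywords . '</h2>';
}

// Input validation: drop control characters and cap the length
// (the 100-character limit is an assumption; tune it to the application).
function validateKeywords(string $keywords): string
{
    $keywords = trim($keywords);
    $keywords = preg_replace('/[\x00-\x1F\x7F]/u', '', $keywords) ?? '';
    return mb_substr($keywords, 0, 100, 'UTF-8');
}

// Hardened pattern: validate, then HTML-encode at the point of output.
// Output encoding, not input filtering, is what stops injected markup
// from being interpreted as HTML or script.
function renderResultsSafe(string $keywords): string
{
    $escaped = htmlspecialchars(
        validateKeywords($keywords),
        ENT_QUOTES | ENT_HTML5,
        'UTF-8'
    );
    return '<h2>Results for: ' . $escaped . '</h2>';
}

// Constructed sample input when run from the CLI; under a web server the
// value comes from the 'keywords' query parameter, as in the advisory.
$keywords = PHP_SAPI === 'cli'
    ? '<script>alert(1)</script>'
    : (string) ($_GET['keywords'] ?? '');

echo renderResultsSafe($keywords), PHP_EOL;
```

Run from the CLI, the sample payload comes back as entity-encoded text inside the heading rather than as an executable element; the same encoding applies on every other template location where 'keywords' is echoed.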
CVE-2025-3004 is a cross-site scripting (XSS) vulnerability affecting Sayski ForestBlog versions up to 20250321. It allows attackers to inject malicious scripts via the /search endpoint.
You are affected if you are using Sayski ForestBlog version 20250321 or earlier. Check your version and upgrade immediately if vulnerable.
Upgrade to version 20250321.0.1 or later to resolve the vulnerability. Input validation on the /search endpoint is a temporary workaround.
While active exploitation is not confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
Refer to the Sayski ForestBlog official website or security advisory page for the latest information and updates regarding CVE-2025-3004.