Primary

Context

Dayrui XunRuiCMS Cross-Site Scripting Vulnerability in Domain Name Binding Page

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Dayrui XunRuiCMS versions through 4.7.1. The issue resides in the Domain Name Binding Page, specifically within the file '/admin79f2ec220c7e.php?c=api&m=demo&name=mobile'. This vulnerability can be exploited remotely and is associated with a high level of complexity.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, first navigate to the Domain Name Binding settings and update the project domain name. After that, go to the Mobile Domain Name Change module and preview the website. This will trigger a URL redirection that can be exploited for XSS.

Added: Dec 4, 2025, 3:29 PM

Updated: Dec 4, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

6.5

remediation

0.0

relevance

1.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dayrui XunRuiCMS Cross-Site Scripting Vulnerability in Domain Name Binding Page

Vulnerability

Impact

Reproduction

Affected Products

dayrui XunRuiCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating