Primary

Context

Rawchen ECMS Cross-Site Scripting Vulnerability in Add New Product Page

Vulnerability

A stored cross-site scripting vulnerability has been identified in Rawchen ECMS versions prior to b59d7feaa9094234e8aa6c8c6b290621ca575ded. The issue resides in the 'updateProductServlet' function within 'src/servlet/product/updateProductServlet.java'. The vulnerability allows attackers to inject JavaScript code through the 'productName' parameter, which is then executed by the server. This exploitation can be performed remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, enter a script tag containing JavaScript code, such as an alert command, into the 'productName' parameter on the Add New Product Page. After submitting the form, the injected script will be executed, demonstrating the cross-site scripting vulnerability.

Added: Dec 28, 2025, 7:18 PM

Updated: Dec 28, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

1.8

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rawchen ECMS Cross-Site Scripting Vulnerability in Add New Product Page

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating