CVE-2025-3795

Published Apr 18, 2025

Last updated 3 days ago

CVSS medium 4.8

Overview

Description: A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Source: cna@vuldb.com
NVD status: Analyzed

Risk scores

CVSS 4.0

Type: Secondary
Base score: 4.8
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 3.4
Impact score: 1.4
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Severity: LOW

CVSS 2.0

Type: Secondary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.4
Vector string: AV:N/AC:L/Au:M/C:N/I:P/A:N

Weaknesses

cna@vuldb.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

🟠 DaiCuo, Cross-Site Scripting (XSS), #CVE-2025-3795 (Medium) https://t.co/GBrrxyt1cq
@dailycve
23 Jun 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:daicuo:daicuo:1.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "955C183A-BCCB-426E-9E29-429EA6B48DD6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 4.0

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References