CVE-2025-15223

low-risk

Published 2025-12-31

A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure and makes clear that the product is "[f]or educational purposes only".

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Simple-Php-Blog

Affected Vendors

Philipinho

References (4)

Exploit https://gitee.com/sun-huizhi/dazhi/issues/IDBUOY

Permissions Required https://vuldb.com/?ctiid.338608

Third Party Advisory https://vuldb.com/?id.338608

Third Party Advisory https://vuldb.com/?submit.710150

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal