CVE-2025-3005

low-risk
Published 2025-03-31

A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Forestblog

Affected Vendors

Forestblog Project

References (6)

Exploit https://github.com/saysky/ForestBlog/issues/105
Exploit https://github.com/saysky/ForestBlog/issues/105#issue-2937119331
Permissions Required https://vuldb.com/?ctiid.302054
Third Party Advisory https://vuldb.com/?id.302054
Third Party Advisory https://vuldb.com/?submit.524485
Exploit https://github.com/saysky/ForestBlog/issues/105
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal