{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15372", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-12-30T18:39:47.827Z", "datePublished": "2025-12-31T02:02:06.787Z", "dateUpdated": "2026-01-02T14:37:49.898Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-31T02:02:06.787Z"}, "title": "youlaitech vue3-element-admin Notice index.vue cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "youlaitech", "product": "vue3-element-admin", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}, {"version": "3.2", "status": "affected"}, {"version": "3.3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}], "modules": ["Notice Handler"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-12-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-12-30T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-12-30T19:44:51.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Ana10gy (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.339080", "name": "VDB-339080 | youlaitech vue3-element-admin Notice index.vue cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.339080", "name": "VDB-339080 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.718345", "name": "Submit #718345 | youlaitech vue3-element-admin <=v3.4.0 XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md", "tags": ["related"]}, {"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-02T14:21:57.711197Z", "id": "CVE-2025-15372", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T14:37:49.898Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15372", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-02T14:21:57.711197Z"}}}], "references": [{"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T14:22:31.893Z"}}], "cna": {"title": "youlaitech vue3-element-admin Notice index.vue cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Ana10gy (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "youlaitech", "modules": ["Notice Handler"], "product": "vue3-element-admin", "versions": [{"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}, {"status": "affected", "version": "3.2"}, {"status": "affected", "version": "3.3"}, {"status": "affected", "version": "3.4.0"}]}], "timeline": [{"lang": "en", "time": "2025-12-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-12-30T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-12-30T19:44:51.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.339080", "name": "VDB-339080 | youlaitech vue3-element-admin Notice index.vue cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.339080", "name": "VDB-339080 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.718345", "name": "Submit #718345 | youlaitech vue3-element-admin <=v3.4.0 XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md", "tags": ["related"]}, {"url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-31T02:02:06.787Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15372", "state": "PUBLISHED", "dateUpdated": "2026-01-02T14:37:49.898Z", "dateReserved": "2025-12-30T18:39:47.827Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-12-31T02:02:06.787Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-15372", "lastModified": "2026-01-02T15:15:58.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-12-31T03:15:53.820", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.339080"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.339080"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.718345"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}