review: update CVE-2025-26182 template - fix name format, severity alignment with CVSS score, and add vendor tag

Prince Chaddha
2025-08-05 13:16:18 -07:00
parent 48c60f0857
commit f3200e9b52


@@ -1,9 +1,9 @@
id: CVE-2025-26182
info:
name: xxyopen novel-plus - Server-Side Template Injection
name: Xxyopen Novel-Plus v4.4.0 - Server-Side Template Injection
author: pdteam
severity: critical
severity: high
description: |
xxyopen novel-plus v.4.4.0 and earlier contains a remote code execution vulnerability caused by Server-Side Template Injection in PageController.java. The vulnerability allows remote attackers to execute arbitrary code through unvalidated path parameters that are directly inserted into Thymeleaf template rendering.
impact: |
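Review bot: the new name "Xxyopen Novel-Plus v4.4.0 - Server-Side Template Injection" pins a single version, while the description a few lines below says "v.4.4.0 and earlier", so the title understates the affected range; consider "Xxyopen Novel-Plus <= 4.4.0 - Server-Side Template Injection". On the severity line, the change from critical to high sits next to a description that still states remote code execution by remote attackers, and the CVSS score it is meant to align with is not visible in this hunk, so please confirm the classification block carries the score and vector that justify high.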
@@ -25,7 +25,7 @@ info:
verified: true
max-request: 1
shodan-query: title:"novel-plus"
tags: cve,cve2025,ssti,rce,novel-plus,thymeleaf
tags: cve,cve2025,ssti,rce,novel-plus,thymeleaf,xxyopen
http:
- method: GET
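Review bot: the `xxyopen` vendor tag added to the tags line has no matching vendor or product entry in the metadata lines visible in this hunk (only verified, max-request and shodan-query appear). If the metadata block does not already carry them elsewhere, adding `vendor: xxyopen` and `product: novel-plus` there would keep the tags and metadata consistent for filtering.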