CVE-2025-5879
published 2025-06-09
CVE-2025-5879: A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file…
Priority: P4 31 · medium 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.25% (15.8th percentile)
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 72crm | wukong_crm | — | — |
| chrome_chrome | — | — | |
| wukongopensource | wukongcrm | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
GHSA
GHSA-6j9c-246r-2553: A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9
ghsa_unreviewed·2025-06-09
CVE-2025-5879 [MEDIUM] CWE-79 GHSA-6j9c-246r-2553: A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9
Chrome
Stable Channel Update for Desktop: CVE-2026-5879
vendor_chrome·2026-04-07·CVSS 8.8
CVE-2026-5879 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5879
Stable Channel Update for Desktop
CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea on 2023-10-01
[TBD][424995036] Medium CVE-2026-5880: Incorrect security UI in browser UI. Reported by Anonymous on 2025-06-14
[TBD][454162508] Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-06-09