CVE-2025-8555
Published: 2025-08-05

Priority: P4 (31) · Severity: medium · CVSS 3.1 base score: 5.4
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N

EPSS: 0.29% (20.7th percentile)
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atjiu | pybbs | — | — |
| github.com | go-acme_lego | 0 – 4.25.1 | — |
| github.com | go-acme_lego_v3 | 0 – 4.25.1 | — |
| github.com | go-acme_lego_v4 | >= 0 < 4.25.2 | 4.25.2 |
| pybbs_project | pybbs | <= 6.0.0 | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 4.0 | 2.0 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| NVD | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
GHSA (2025-08-06): CVE-2025-54799 [LOW] CWE-319 — github.com/go-acme/lego/v4/acme/api does not enforce HTTPS
## Summary
It was discovered that the github.com/go-acme/lego/v4/acme/api package (and therefore the lego library and the lego CLI as well) does not enforce HTTPS when talking to CAs as an ACME client.
## Details
Unlike the http-01 challenge, which is solved over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to perform ACME functions. This is stated in section 6.1 of RFC 8555: [https://datatracker.ietf.org/doc/html/rfc8555#section-6.1](https://datatracker.ietf.org/doc/html/rfc8555#section-6.1)
> Each ACME function is accomplished by the client sending a sequence
> of HTTPS requests to the server [[RFC2818](https://datatracker.ietf.org/doc/html/rfc2818)], carrying JSON messages
> [[RFC8259
GHSA (unreviewed, 2025-08-05): GHSA-4h69-cjx4-hx8h — CVE-2025-8555 [MEDIUM] CWE-79 — same description as the CVE record above.
Citrix (vendor advisory, CVSS 8.6): CVE-2015-8555 [HIGH] — Citrix Security Bulletin CTX203879
CVE References: CVE-2015-8555, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/atjiu/pybbs/commit/2fe4a51afbce0068c291bc1818bbc8f7f3b01a22
- https://github.com/atjiu/pybbs/issues/208
- https://github.com/atjiu/pybbs/issues/208#issue-3256435530
- https://github.com/atjiu/pybbs/issues/208#issuecomment-3134772931
- https://vuldb.com/?ctiid.318684
- https://vuldb.com/?id.318684
- https://vuldb.com/?submit.622199