CVE-2025-3393
Description
A vulnerability was found in mrcen springboot-ucan-admin up to commit 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A cross-site scripting vulnerability in the Personal Settings Interface of mrcen springboot-ucan-admin allows remote attackers to execute arbitrary JavaScript.
Vulnerability
Overview
A cross-site scripting (XSS) vulnerability has been identified in the Personal Settings Interface of mrcen springboot-ucan-admin, specifically in the /ucan-admin/index endpoint. The issue is classified as problematic with a low severity (CVSS 3.5) [1]. Affected code extends up to commit 5f35162032cbe9288a04e429ef35301545143509; because the product does not follow versioning, affected and unaffected releases cannot be stated [1].
Exploitation
The attack can be initiated remotely without authentication, as the interface is accessible via the web [1]. An attacker can inject malicious scripts into the personal settings form, which are then stored and executed in the browsers of other users viewing the settings page. The exploit has been publicly disclosed and may be used by malicious actors [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, theft of sensitive data, or defacement of the application [1].
Mitigation
As of the publication date, no official patch is available due to the lack of versioning [1]. Users should sanitize all user input and consider implementing Content Security Policy (CSP) or disabling affected functionality until a fix is provided.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 3
News mentions: 0 (no linked articles in the index yet)