CVE-2025-70846
Description
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored XSS vulnerability in aidigu v1.9.1 allows attackers to inject malicious scripts via the password field on the /tools/Password/add page.
Vulnerability
Overview
The aidigu application version v1.9.1 contains a stored cross-site scripting (XSS) vulnerability in the /tools/Password/add endpoint. The password input field fails to properly sanitize or escape user-supplied input, allowing an attacker to inject arbitrary HTML and JavaScript code that is stored by the application [1].
Exploitation
Vectors
To exploit this vulnerability, an attacker must be able to submit a crafted payload via the password field during the password creation process. No special privileges or network position beyond normal user access to the application are required. The injected script is stored and subsequently executed in the browser of any user viewing the affected page [1].
Impact
Successful exploitation results in the execution of attacker-controlled scripts in the context of the victim's user session. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites, depending on the attacker's objectives [1].
Mitigation
Status
The vulnerability has been addressed in a subsequent release of aidigu. Users are strongly advised to upgrade to a patched version. For version v1.9.1, no official workaround has been provided other than applying the update [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.