CVE-2025-9591

Vulnerability

Overview

CVE-2025-9591 describes a stored cross-site scripting (XSS) vulnerability in ZrLog, a blogging platform, affecting versions up to 3.1.5. The flaw resides in the theme configuration module, specifically in the /api/admin/template/config endpoint. The footerLink argument is not properly sanitized, allowing an attacker to inject arbitrary HTML or JavaScript code that is stored and later executed in the context of other users' browsers [1].

Exploitation

Details

An attacker with access to the theme configuration form (accessible via Settings -> Theme Configuration -> ZrLog Default Theme Settings -> Footer Links) can submit a crafted payload through the footerLink field. The frontend sends this data via a POST request to /api/admin/template/config. The backend TemplateController.config() method directly parses the request body into a Map without performing any security validation, such as input sanitization or Content Security Policy enforcement [1]. The attack can be launched remotely, and a proof of concept has been publicly disclosed.

Impact

Successful exploitation allows an attacker to inject malicious scripts to be executed when other users, including administrators, access pages that render the theme configuration (e.g., theme previews or pages displaying the footer). This can lead to session hijacking, unauthorized administrative actions, or information leakage [1]. The CVSS v3 base score is 2.4 (Low), reflecting the need for authenticated access and the limited scope of impact.

Mitigation

Status

The vendor was contacted but did not respond. As of the publication date, no official patch has been released. Users are advised to restrict access to the theme configuration functionality to trusted administrators and to consider applying input validation or a web application firewall (WAF) rule to block XSS payloads in the footerLink parameter until a fix is available [1].