漏洞描述
发现Exrickxboot版本至3.3.4存在一个严重漏洞。此问题影响组件Swagger的某些未知处理过程,涉及文件xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java。参数loginUrl的操作会导致服务器端请求伪造。攻击可能远程发起。该漏洞已被公开并可能被利用。
Exrick Xboot Swagger SecurityController.java服务器端请求伪造(CVE-2025-8527)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-7901)RuoYi Swagger UI组件configUrl参数跨站脚本漏洞
- Swagger-UI-XSS: 3.14.1<=Swagger-UI-XSS< 3.38.0
- POC CVE-2018-25031: Swagger UI < 3.38.0 - Cross-Site Scripting
- POC CVE-2025-8191: Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting
- POC CVE-2022-0381: WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
- POC CVE-2024-22207: Fastify Swagger-UI - Information Disclosure
- POC CVE-2024-24112: Exrick XMall - SQL Injection
- POC CVE-2024-24112: Exrick XMall 开源商城 SQL注入漏洞
- POC swagger-disclosure: Public Swagger API Desclosure
- FastAPI Swagger Api 接口未授权访问漏洞
- Exrick XMall 电商购物商城 CVE-2024-24112 SQL注入漏洞
- WordPress Embed Swagger CVE-2022-0381跨站脚本漏洞