CVE-2025-5888

Published: Jun 9, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Jsnjfz: Webstack Guns

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jsnjfz Webstack Guns	Version 1.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://github.com/Aiyakami/CVE-1/issues/5

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://github.com/luokuang1/CVE/issues/1

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.311659

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.311659

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.582062

Source: cna@vuldb.com

ExploitThird Party AdvisoryVDB Entry

https://vuldb.com/?submit.582920

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.