AzonPost - Reflected cross-site scripting (XSS)
Summary
Name | AzonPost 1.3 - Reflected cross-site scripting (XSS) |
Code name | skims-0010 |
Product | AzonPost |
Affected versions | Version 1.3 |
State | Private |
Release date | 2025-03-14 |
Vulnerability
Kind | Reflected cross-site scripting (XSS) |
Rule | Reflected cross-site scripting (XSS) |
Remote | No |
CVSSv4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U |
CVSSv4 Base Score | 4.8 (Medium) |
Exploit available | No |
CVE ID(s) | CVE-2025-31295 |
Description
AzonPost 1.3 is vulnerable to reflected cross-site scripting (XSS). In myapp/azonpost-campaign.php, the web application dynamically generates web content from potentially untrusted data without validating its source.
Vulnerability
Skims by Fluid Attacks discovered a reflected cross-site scripting (XSS) vulnerability in AzonPost 1.3. The following is the output of the tool:
Skims output
389 | <p>If post content couldn't reach the minimum threshold of <?php echo $dbbacalagi;?> words count, then it will try
390 | <br />
391 | </div>
392 | </div>
393 | <br />
394 | <div class=""inside"">
395 | <table><tr><td>
396 | <p class=""submit"" style=""margin-left:35px;""><input type=""submit"" class=""button-primary"" name=""simpenpos"" value=""<
> 397 | <input type=""hidden"" name=""ap_id"" value=""<?php echo $_POST['editpos_hidden'];?>""><p class=""submit""><input type=""s
398 | </td></tr>
399 | </table>
400 | </div>
401 | </div>
402 | <div id=""ads"" class=""postbox"">
403 | <div class=""inside"">
404 | <p align=""center"">
405 | <script type=""text/javascript""><!--
^ Col 0
Our security policy
We have reserved the ID CVE-2025-31295 to refer to this issue from now on.
System Information
- Product: AzonPost
- Version: 1.3
Mitigation
There is currently no patch available for this vulnerability.
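Line 397 of the Skims output echoes `$_POST['editpos_hidden']` directly into the `value` attribute of the hidden `ap_id` field. The PHP below is an added example, not AzonPost code or a vendor patch: it sets that pattern beside an output-encoded form and a stricter validated form. The function names and sample input are constructed, and treating `ap_id` as a positive integer is an assumption.

```php
<?php
declare(strict_types=1);

// Pattern flagged at line 397: the request value reaches the attribute as-is.
// Kept only for comparison with the hardened forms below.
function ap_id_field_unsafe(array $post): string
{
    return '<input type="hidden" name="ap_id" value="'
        . ($post['editpos_hidden'] ?? '') . '">';
}

// Hardened form: encode for an HTML attribute context at the point of output.
function ap_id_field_encoded(array $post): string
{
    $raw = $post['editpos_hidden'] ?? '';
    $raw = is_string($raw) ? $raw : '';   // drop array input (editpos_hidden[]=x)
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="ap_id" value="' . $safe . '">';
}

// Stricter form. ASSUMPTION: ap_id is a positive integer identifier, so
// anything that does not parse as one is rejected and no field is rendered.
function ap_id_field_strict(array $post): string
{
    $id = filter_var(
        $post['editpos_hidden'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return '';
    }
    return '<input type="hidden" name="ap_id" value="' . $id . '">';
}

// Constructed sample input: a stray double quote ends the attribute early
// in the unsafe form and is encoded or rejected in the hardened forms.
$sample = ['editpos_hidden' => '42" data-x="1'];

echo ap_id_field_unsafe($sample), PHP_EOL;
echo ap_id_field_encoded($sample), PHP_EOL;
echo ap_id_field_strict($sample), PHP_EOL;
echo ap_id_field_strict(['editpos_hidden' => '42']), PHP_EOL;
```

Encoding at output is the minimum change; the strict form also keeps malformed identifiers from reaching whatever later consumes `ap_id`.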
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims.
Timeline

2025-03-14
Vulnerability discovered.

2025-03-14
Vendor contacted.