{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13058", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-11-12T12:40:04.119Z", "datePublished": "2025-11-12T19:32:06.630Z", "dateUpdated": "2025-11-12T21:03:16.987Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-11-12T19:32:06.630Z"}, "title": "soerennb eXtplorer Filename cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "soerennb", "product": "eXtplorer", "versions": [{"version": "2.1.0", "status": "affected"}, {"version": "2.1.1", "status": "affected"}, {"version": "2.1.2", "status": "affected"}, {"version": "2.1.3", "status": "affected"}, {"version": "2.1.4", "status": "affected"}, {"version": "2.1.5", "status": "affected"}, {"version": "2.1.6", "status": "affected"}, {"version": "2.1.7", "status": "affected"}, {"version": "2.1.8", "status": "affected"}, {"version": "2.1.9", "status": "affected"}, {"version": "2.1.10", "status": "affected"}, {"version": "2.1.11", "status": "affected"}, {"version": "2.1.12", "status": "affected"}, {"version": "2.1.13", "status": "affected"}, {"version": "2.1.14", "status": "affected"}, {"version": "2.1.15", "status": "affected"}], "modules": ["Filename Handler"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in soerennb eXtplorer up to 2.1.15 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Filename Handler. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Name des Patches ist 002def70b985f7012586df2c44368845bf405ab3. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2025-11-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-11-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-11-12T13:45:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "NomanProdhan (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.332185", "name": "VDB-332185 | soerennb eXtplorer Filename cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.332185", "name": "VDB-332185 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.682370", "name": "Submit #682370 | eXtplorer eXtplorer (PHP file manager) 2.1.15 Cross-Site Scripting (Stored)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/soerennb/extplorer/issues/33", "tags": ["issue-tracking"]}, {"url": "https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://github.com/soerennb/extplorer/issues/33", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T20:37:02.183283Z", "id": "CVE-2025-13058", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T21:03:16.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13058", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T20:37:02.183283Z"}}}], "references": [{"url": "https://github.com/soerennb/extplorer/issues/33", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T20:37:04.264Z"}}], "cna": {"tags": ["x_open-source"], "title": "soerennb eXtplorer Filename cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "NomanProdhan (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "soerennb", "modules": ["Filename Handler"], "product": "eXtplorer", "versions": [{"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.1.1"}, {"status": "affected", "version": "2.1.2"}, {"status": "affected", "version": "2.1.3"}, {"status": "affected", "version": "2.1.4"}, {"status": "affected", "version": "2.1.5"}, {"status": "affected", "version": "2.1.6"}, {"status": "affected", "version": "2.1.7"}, {"status": "affected", "version": "2.1.8"}, {"status": "affected", "version": "2.1.9"}, {"status": "affected", "version": "2.1.10"}, {"status": "affected", "version": "2.1.11"}, {"status": "affected", "version": "2.1.12"}, {"status": "affected", "version": "2.1.13"}, {"status": "affected", "version": "2.1.14"}, {"status": "affected", "version": "2.1.15"}]}], "timeline": [{"lang": "en", "time": "2025-11-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-11-12T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-11-12T13:45:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.332185", "name": "VDB-332185 | soerennb eXtplorer Filename cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.332185", "name": "VDB-332185 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.682370", "name": "Submit #682370 | eXtplorer eXtplorer (PHP file manager) 2.1.15 Cross-Site Scripting (Stored)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/soerennb/extplorer/issues/33", "tags": ["issue-tracking"]}, {"url": "https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in soerennb eXtplorer up to 2.1.15 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Filename Handler. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Name des Patches ist 002def70b985f7012586df2c44368845bf405ab3. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-11-12T19:32:06.630Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13058", "state": "PUBLISHED", "dateUpdated": "2025-11-12T21:03:16.987Z", "dateReserved": "2025-11-12T12:40:04.119Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-11-12T19:32:06.630Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue."}], "id": "CVE-2025-13058", "lastModified": "2025-11-14T16:42:30.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-11-12T20:15:38.980", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3"}, {"source": "cna@vuldb.com", "url": "https://github.com/soerennb/extplorer/issues/33"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.332185"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.332185"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.682370"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/soerennb/extplorer/issues/33"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}