{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13058","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-11-12T12:40:04.119Z","datePublished":"2025-11-12T19:32:06.630Z","dateUpdated":"2026-02-24T06:26:50.944Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T06:26:50.944Z"},"title":"soerennb eXtplorer Filename cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"soerennb","product":"eXtplorer","versions":[{"version":"2.1.0","status":"affected"},{"version":"2.1.1","status":"affected"},{"version":"2.1.2","status":"affected"},{"version":"2.1.3","status":"affected"},{"version":"2.1.4","status":"affected"},{"version":"2.1.5","status":"affected"},{"version":"2.1.6","status":"affected"},{"version":"2.1.7","status":"affected"},{"version":"2.1.8","status":"affected"},{"version":"2.1.9","status":"affected"},{"version":"2.1.10","status":"affected"},{"version":"2.1.11","status":"affected"},{"version":"2.1.12","status":"affected"},{"version":"2.1.13","status":"affected"},{"version":"2.1.14","status":"affected"},{"version":"2.1.15","status":"affected"}],"cpes":["cpe:2.3:a:extplorer:extplorer:*:*:*:*:*:*:*:*"],"modules":["Filename Handler"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:OF/RC:C"}}],"timeline":[{"time":"2025-11-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-11-12T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-01-03T01:50:51.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"NomanProdhan (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.332185","name":"VDB-332185 | soerennb eXtplorer Filename cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.332185","name":"VDB-332185 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.682370","name":"Submit #682370 | eXtplorer eXtplorer (PHP file manager) 2.1.15 Cross-Site Scripting (Stored)","tags":["third-party-advisory"]},{"url":"https://github.com/soerennb/extplorer/issues/33","tags":["issue-tracking"]},{"url":"https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3","tags":["patch"]},{"url":"https://github.com/soerennb/extplorer/","tags":["product"]}],"tags":["x_open-source"]},"adp":[{"references":[{"url":"https://github.com/soerennb/extplorer/issues/33","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-12T20:37:02.183283Z","id":"CVE-2025-13058","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-12T21:03:16.987Z"}}]}}