Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-15454

Good to know:

icon

Date: January 4, 2026

A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The patch is identified as 67213093db9923e828a6e3fd8696a998c85da2d4. It is best practice to apply a patch to resolve this issue.

Severity Score

Related Resources (8)

https://vuldb.com/?submit.725038
https://github.com/zhanglun/lettura/commit/67213093db9923e828a6e3fd8696a998c85da2d4
https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3
https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3#proof-of-concept
https://nvd.nist.gov/vuln/detail/CVE-2025-15454
https://vuldb.com/?id.339487
https://vuldb.com/?ctiid.339487
https://www.mend.io/vulnerability-database/CVE-2025-15454

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us