关键漏洞信息 CVE: CVE-2025-14013 Vulnerability Type: Cross Site Scripting (XSS) Affected Software: JIZHICMS up to version 2.5.5 Affected File: Component: Comment Handler Exploitability: Easy, can be launched remotely Impact: XSS due to improper neutralization of user-controllable input in the parameter Summary A vulnerability was identified in JIZHICMS up to 2.5.5, leading to XSS through the manipulation of the parameter in the Comment Handler component. Details CWE: CWE-79 (Improper Neutralization of Input) Risk Rating: CVSS v3 Base Score: 2.2 Exploit: Public exploit and technical details available on GitHub Vendor Response: No response from the vendor after being contacted.