CVE-2025-45778 PoC — Language Sloth Web Application 安全漏洞

Source

Associated Vulnerability

Description

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary javascript or HTML code via injecting a crafted payload into the "Description" text field when creating a new project.

Readme

# CVE-2025-45778
CVE-2025-45778: Authenticated Stored XSS.

An authenticated stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary JavaScript or HTML code via injecting a crafted payload into the "Description" text field when creating a new project.

<img width="1501" height="709" alt="image" src="https://github.com/user-attachments/assets/122f17b9-5783-4021-b900-f5d943b8cecc" />

Once the payload is injected, every time that a user opens the page it will trigger the payload.

<img width="840" height="279" alt="image" src="https://github.com/user-attachments/assets/36dbefad-2f5e-439f-82a6-988db973ead7" />

A simple payload such as `<script>alert('XSS')</script>` is enough to trigger the Stored XSS vulnerability.

The vendor is aware of the vulnerability and authorized the publication of this article.

# Credits for discovery
Ivan Carlos Oliveira (smarttfoxx), Filipe Ortega (Lain), Rogerio Josef Massouh (V01)

File Snapshot

 [4.0K]  /data/pocs/10de16860eb3553ab5405c1b525748ea374e9a8e
└── [ 997]  README.md

0 directories, 1 file

Remarks