CVE-2025-70846
📋 TL;DR
Aidigu v1.9.1 contains a stored cross-site scripting (XSS) vulnerability: the password field on the /tools/Password/add page accepts HTML/JavaScript, stores it, and later renders it without encoding, so the injected script executes in the browser of any user who views the affected page. Installations of Aidigu v1.9.1 whose users can reach the password management tools are affected; the users at risk are those who later view the stored entry.
💻 Affected Systems
- Aidigu
⚠️ Manual Verification Required
The CVE description names v1.9.1, but the database entry carries no affected-version range (none was provided by the vendor or NVD), so automated vulnerability detection cannot determine whether a given installation is affected.
Why? Without a version range there is nothing for a scanner to compare an installed version against; the version check has to be done by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker who plants a payload could steal the session cookies of every user who views the entry, redirect those users to malicious sites, perform actions in the application on their behalf, or use their browsers to deliver further payloads.
Likely Case
Session hijacking of whichever user views the stored entry (an administrator being the most valuable target), leading to unauthorized access to the Aidigu application and potential privilege escalation within the system.
If Mitigated
Limited impact with proper input validation, output encoding, and Content Security Policy headers in place.
🎯 Exploit Status
Exploitation requires an account that can reach the password management interface and submit to /tools/Password/add; the payload then fires for whoever views the stored entry, so the attacker does not need to interact with the victim directly. Proof-of-concept payloads are shown in the GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://github.com/lty628/aidigu
Restart Required: No
Instructions:
1. Monitor the official Aidigu repository for security updates.
2. Apply any available patches immediately.
3. Implement output encoding (and input validation where appropriate) as a temporary mitigation.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side validation to reject or sanitize HTML/JavaScript submitted in the password field.
Implement handling in the password code path that escapes the characters <, >, &, ", and ' before the stored value is written into HTML.
Caveat: stripping or rejecting these characters in a password field weakens the passwords users can choose and silently alters what is stored. The root cause is that the stored value is rendered into the page without HTML encoding, so encoding on output, in the element or attribute context where the value is displayed, is the correct fix and leaves the stored secret unchanged.
Content Security Policy
Implement CSP headers to restrict script execution. A policy without 'unsafe-inline' blocks inline <script> blocks and inline event handlers (onerror=, onload=), which is exactly what a stored XSS payload relies on; test the application first, since the same policy also blocks any inline scripts Aidigu itself uses.
Add header: Content-Security-Policy: default-src 'self'; script-src 'self'
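The two workarounds above side by side, as an added example that is not code from the Aidigu project: a hypothetical render function that concatenates the stored password straight into HTML (the vulnerable pattern), the same function with context-appropriate HTML encoding on output, and a response wrapper that attaches the CSP header quoted above. The row layout and function names are assumptions for illustration; the payload is the one the page suggests for verification.

```python
import html

# The verification payload from the page, used here as constructed input.
XSS_PAYLOAD = "<script>alert('XSS')</script>"

# CSP header value from the page: no 'unsafe-inline', so inline <script>
# blocks and inline event handlers are refused by the browser.
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; script-src 'self'")


def render_vulnerable(name: str, password: str) -> str:
    """Vulnerable pattern (hypothetical): stored values are concatenated
    straight into HTML, so any markup in `password` becomes live markup
    when the page is viewed."""
    return (
        f"<tr><td>{name}</td>"
        f"<td><input type='text' value='{password}'></td></tr>"
    )


def render_hardened(name: str, password: str) -> str:
    """Hardened pattern: encode on output, in the context of use.
    quote=True also encodes ' and " so the value cannot break out of the
    single-quoted attribute. The stored password itself is not modified."""
    return (
        f"<tr><td>{html.escape(name)}</td>"
        f"<td><input type='text' value='{html.escape(password, quote=True)}'></td></tr>"
    )


def hardened_response(name: str, password: str) -> tuple[dict, str]:
    """Return (headers, body) for the hardened page, with the CSP header
    attached as a second, independent layer of defence."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        CSP_HEADER[0]: CSP_HEADER[1],
    }
    return headers, render_hardened(name, password)


def payload_survives_verbatim(rendered: str, payload: str) -> bool:
    """Cheap source-level check: the raw payload appearing verbatim in the
    response means it was not encoded. A False result here is necessary
    but not sufficient; confirm in a browser before calling the fix done."""
    return payload in rendered


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable("mail", XSS_PAYLOAD))
    hdrs, body = hardened_response("mail", XSS_PAYLOAD)
    print("hardened:  ", body)
    print("CSP:       ", hdrs[CSP_HEADER[0]])
```

The hardened form also covers the attribute-breakout variant (a password such as `' onfocus='alert(1)`), which a filter that only strips `<` and `>` would miss; that is why the check is done on the encoded output rather than on the stored input.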
🧯 If You Can't Patch
- Disable or restrict access to the /tools/Password/add page
- Implement web application firewall rules to block XSS payloads in password fields
🔍 How to Verify
Check if Vulnerable:
On a test instance, log in with an account that can reach /tools/Password/add, submit <script>alert('XSS')</script> as the password, then open the affected page in a browser and check whether the alert fires (or whether the raw <script> tag appears unencoded in the response source).
Check Version:
Check Aidigu version in application interface or configuration files
Verify Fix Applied:
Repeat the same test after applying the fix: the alert must not fire, and the payload should appear in the response source as literal text (for example &lt;script&gt;) rather than as a live tag. Also confirm the Content-Security-Policy header is present on the response if CSP was deployed.
📡 Detection & Monitoring
Log Indicators:
- Unusual length or special characters in password field submissions
- Multiple failed attempts with script-like content
Network Indicators:
- HTTP POST requests to /tools/Password/add containing script tags or JavaScript code
SIEM Query:
source="web_logs" AND uri="/tools/Password/add" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:")
Note: the query is pseudo-syntax to adapt to your SIEM. Form bodies are usually URL-encoded in transit ("<script>" arrives as "%3Cscript%3E"), so match on the decoded body or add the encoded forms, and extend the pattern set beyond <script> to event handlers (onerror=, onload=) and tags such as <img> and <svg>. Standard web server access logs do not record POST bodies; body inspection needs an application-level request log, a reverse proxy configured to log bodies, or a WAF.
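The detection logic run over sample records, as an added example that is not part of the original page or the Aidigu project. It generalizes the SIEM query above: it URL-decodes the body before matching (so encoded payloads are caught), uses a small pattern set covering script tags, javascript: URIs, event handlers and commonly abused tags, and counts hits per source to flag repeated attempts. The JSON-lines record format and the IP addresses are constructed for the example; the field names are assumptions.

```python
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample records (not real Aidigu logs): one JSON object per line,
# as an application-level request log, reverse proxy or WAF might emit.
SAMPLE_LOG = """\
{"src":"10.0.0.5","method":"POST","uri":"/tools/Password/add","body":"name=mail&password=S3cure%21Pass"}
{"src":"10.0.0.9","method":"POST","uri":"/tools/Password/add","body":"name=x&password=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E"}
{"src":"10.0.0.9","method":"POST","uri":"/tools/Password/add","body":"name=x&password=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"}
{"src":"10.0.0.7","method":"POST","uri":"/tools/Password/add","body":"name=y&password=javascript%3Aalert(1)"}
{"src":"10.0.0.7","method":"GET","uri":"/tools/Password/index","body":""}
{"src":"10.0.0.3","method":"POST","uri":"/login","body":"user=a&password=%3Cscript%3E"}
"""

# Pattern names are used in the output so an analyst sees why a record fired.
# The event_handler pattern can false-positive on innocuous text ("onion=");
# that is acceptable for a hunt query, less so for a blocking rule.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "dangerous_tag": re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}


def decode_body(body: str) -> str:
    """URL-decode until stable (capped) so double-encoded payloads such as
    %253Cscript%253E still resolve to the markup they represent."""
    for _ in range(3):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body


def find_xss_submissions(log_text: str, target_uri: str = "/tools/Password/add") -> list:
    """Return one hit per POST to `target_uri` whose decoded body matches any
    pattern. Each hit records the source, the decoded body and which
    patterns fired."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("uri") != target_uri:
            continue
        body = decode_body(rec.get("body", ""))
        matched = [name for name, pat in XSS_PATTERNS.items() if pat.search(body)]
        if matched:
            hits.append({"src": rec["src"], "decoded_body": body, "patterns": matched})
    return hits


def suspicious_sources(hits: list, threshold: int = 2) -> set:
    """Sources with at least `threshold` hits: the 'multiple attempts with
    script-like content' indicator from the page."""
    counts = Counter(h["src"] for h in hits)
    return {src for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = find_xss_submissions(SAMPLE_LOG)
    for h in found:
        print(h["src"], h["patterns"], h["decoded_body"])
    print("repeat offenders:", suspicious_sources(found))
```

Note that a literal `CONTAINS "<script>"` on the raw body would have matched none of the three malicious records above, because every one of them arrives URL-encoded; decoding first is the difference between a working rule and a silent miss.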