CNNVD-202506-2554 Information
CNNVD ID
CNNVD-202506-2554
Related CVE
- CNNVD Published: 2025-06-18
Description (Chinese)
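CryptPad is an open-source collaborative office suite from CryptPad. Versions of CryptPad prior to 2025.3.0 contain a security vulnerability that stems from insufficient filtering in the Link Bouncer feature and may lead to cross-site scripting attacks.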
Description (English)
CryptPad is an open-source collaborative office suite. Versions of CryptPad before 2025.3.0 contain a security vulnerability caused by inadequate filtering in the Link Bouncer feature, which could lead to cross-site scripting (XSS) attacks.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
Cryptshare Ag
Published
2025-06-18
Last Modified
2026-02-24
References
https://github.com/cryptpad/cryptpad/blob/15c81aa8ccb737a9a1167481f4a699af331364bb/www/bounce/main.js#L64-L95
https://github.com/cryptpad/cryptpad/commit/d5e4830ba104a4a442cb23aab5378b8565a95607
https://github.com/cryptpad/cryptpad/security/advisories/GHSA-vq9h-x3gr-v8rj
https://access.redhat.com/security/cve/cve-2025-49590
Patch
https://github.com/cryptpad/cryptpad/releases