CNNVD-202506-2565 Information
CNNVD ID
CNNVD-202506-2565
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
OpenList Frontend是OpenList Team开源的一个应用程序,保护开源项目免受基于信任的攻击。 OpenList Frontend 4.0.0-rc.4之前版本存在跨站脚本漏洞,该漏洞源于文件预览功能中.py文件可能被解释为HTML,导致存储型跨站脚本攻击。
Description (English)
OpenList Front is an application of OpenList Team open source to protect open source projects from trust-based attacks. The pre-OpenList Front 4.0.0-rc.4 version has a cross-site script loophole, which stems from the document preview function.py files may be interpreted as HTML, leading to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
OpenList Team
Published
2025-06-19
Last Modified
2026-02-24
References
https://github.com/OpenListTeam/OpenList/security/advisories/GHSA-2hw3-h8qx-hqqp https://github.com/OpenListTeam/OpenList-Frontend/commit/7b5ed20c608c7b9b36d1950a386678e0a89f8175
Patch
https://github.com/OpenListTeam/OpenList/tags
Share on: