CNNVD-202507-158 Information
CNNVD ID
CNNVD-202507-158
Related CVE
- CNNVD Published: 2025-07-02
Description (Chinese)
Progress Telerik UI for ASP.NET Core等都是美国Progress公司的产品。Progress Telerik UI for ASP.NET Core是一套用于构建跨平台响应式Web应用程序的UI组件库。Progress Telerik UI for Blazor是一个Blazor组件库。Progress Telerik UI for ASP.NET MVC是一个UI组件库。 Progress多款产品存在跨站脚本漏洞,该漏洞源于加载特制文档后DOM重新渲染时验证不足,可能导致跨站脚本攻击。以下产品受到影响:Telerik UI for ASP.NET Core、Telerik UI for Blazor、Telerik UI for ASP.NET MVC、KendoReact、Kendo UI for Angular和Kendo UI for jQuery。
Description (English)
Progress Tellerik UI for ASP.NET Core and others are products of Progress. Progress Teleik UI for ASP.NET Core is a UI module library for building a cross-platform Web-responsive application. Progress Tellerik UI for Blazor is a Blazor assembly. Progress Tellerik UI for ASP.NET MVC is a UI assembly library. Progress multi-products have a cross-site script loophole, which results from inadequate validation when re-advertised after loading the special document, which may lead to cross-site script attacks. The following products were affected: Teleik UI for ASP.NET Core, Teleik UI for Blazor, Teleik UI for ASP.NET MVC, KendoReact, Kendo UI for Angular and Kendo UI for jQuery.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Progress
Published
2025-07-02
Last Modified
2026-02-24
References
https://www.telerik.com/aspnet-core-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725 https://www.telerik.com/aspnet-mvc/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725 https://www.telerik.com/blazor-ui/documentation/knowledge-base/pdfviewer-xss-vulnerability-cve-2025-6725 https://www.telerik.com/kendo-angular-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725 https://www.telerik.com/kendo-jquery-ui/documentation/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725 https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-pdfviewer-xss-cve-2025-6725