CNNVD-202507-2813 Information

CNNVD ID

CNNVD-202507-2813

Related CVE

CVE-2025-53528

• CNNVD Published: 2025-07-21

Description (Chinese)

Cadwyn是Stanislav Zmiev个人开发者的一个API版本控制应用。 Cadwyn 5.4.3及之前版本存在跨站脚本漏洞，该漏洞源于对/docs端点version参数输入验证不足，可能导致反射型跨站脚本攻击。

Description (English)

Cadwyn is an API-based control application for Stanislav Zmiev’s personal developer. Cadwyn 5.4.3 and previous versions had a cross-site script loophole, which stemmed from inadequate validation of /docs endpoint version parameters, which could lead to a reflector-type cross-station script attack.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-07-21

Last Modified

2026-02-24

References

https://github.com/zmievsa/cadwyn/security/advisories/GHSA-2gxp-6r36-m97r https://github.com/zmievsa/cadwyn/commit/b424ecd57cd8dabbc8fe39b8f8ccafea629c7728 https://nvd.nist.gov/vuln/detail/CVE-2025-53528

Patch

https://docs.cadwyn.dev/