CNNVD-202507-3882 Information

CNNVD ID

CNNVD-202507-3882

Related CVE

CVE-2025-40980

• CNNVD Published: 2025-07-31

Description (Chinese)

Q2A Ultimate SEO是Q2A Projects团队的一款为Question2Answer提供搜索引擎优化功能的组件。 Q2A Ultimate SEO存在跨站脚本漏洞，该漏洞源于对/products/<PRODUCT_ID>/edit中name参数输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Q2A Ultimate SEO is a component of the Q2A Projects team that provides Question2Answer with optimized search engine functions. Q2A Ultimate SEO has a cross-site script loophole, which results from inadequate verification of the /products//edit parameter input, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Q2A Projects

Published

2025-07-31

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-ultimatepos

Patch

https://ultimatefosters.com/docs/ultimatepos/getting-started/installing-ultimatepos/