CNNVD-202508-1770 Information
CNNVD ID
CNNVD-202508-1770
Related CVE
- CNNVD Published: 2025-08-14
Description (Chinese)
Vvveb是Givan个人开发者的一个强大且易于使用的CMS,用于构建网站、博客或电子商务商店。 Vvveb 1.0.5及之前版本存在代码注入漏洞,该漏洞源于对文件admin/template/content/edit.tpl中参数slug的错误操作导致跨站脚本。
Description (English)
Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Vvveb 1.5 and previous versions have a code-injection loophole, which results from the error in the slug for the parameter in file admin/template/content/edit.tpl.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2025-08-14
Last Modified
2026-02-24
References
https://vuldb.com/?submit.628296 https://vuldb.com/?ctiid.319971 https://github.com/givanz/Vvveb/releases/tag/1.0.6 https://hkohi.ca/vulnerability/6 https://vuldb.com/?id.319971 https://gist.github.com/0xHamy/b2674eeffd1f73af96d29f152c47bcbd https://github.com/givanz/Vvveb/commit/84c11d69df8452dc378feecd17e2a62ac10dac66 https://nvd.nist.gov/vuln/detail/CVE-2025-8975
Patch
https://github.com/givanz/Vvveb/releases
Share on: