CNNVD-202508-2581 Information

CNNVD ID

CNNVD-202508-2581

Related CVE

CVE-2025-57768

• CNNVD Published: 2025-08-21

Description (Chinese)

Phproject是Alan个人开发者的一套项目管理系统。该系统支持问题管理、任务管理和仪表板等功能。 Phproject 1.8.0至1.8.3之前版本存在跨站脚本漏洞，该漏洞源于创建新项目时Planned Hours字段存在存储型跨站脚本，可能导致恶意脚本执行。

Description (English)

Phproject is a project management system for Alan’s personal developers. The system supports features such as problem management, task management and dashboards. Before Phproject 1.8.0 to 1.8.3, there was a cross-site script loophole, which arose from the storage of the Planned Hours field at the time of the creation of the new project, which could lead to malicious script execution.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-08-21

Last Modified

2026-02-24

References

https://github.com/Alanaktion/phproject/security/advisories/GHSA-mhhg-qx37-g369 https://nvd.nist.gov/vuln/detail/CVE-2025-57768

Patch

https://github.com/Alanaktion/phproject/releases