CNNVD-202508-2607 Information

Aug 21, 2025 cve

CNNVD ID

CNNVD-202508-2607

CVE-2025-55742

CNNVD Published: 2025-08-21

Description (Chinese)

UnoPim是UnoPim开源的一个基于 Laravel 框架的开源产品信息管理（PIM）系统。 UnoPim 0.2.1之前版本存在跨站脚本漏洞，该漏洞源于存储型跨站脚本漏洞，可能导致绕过SVG MIME清理。

Description (English)

UnoPim is an open-source product information management (PIM) system based on the Laravel framework. The pre-UnoPim 0.2.1 version had a cross-site script loophole, which originated from a storage-type cross-site script loophole, which could lead to the circumvention of SVG MIME.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

UnoPim

Published

2025-08-21

Last Modified

2026-02-24

References

https://github.com/unopim/unopim/security/advisories/GHSA-xr97-25v7-hc2q https://github.com/unopim/unopim/commit/b5e169e65725e0d80b6c79d57e62a25e1af6a3c3 https://github.com/unopim/unopim/commit/b596021b5a5e0656abe16c01ae0e84c95f9fe902 https://github.com/unopim/unopim/commit/49d5f6ac4d5d9ef7d9cdfe01853234d531c55f75 https://nvd.nist.gov/vuln/detail/CVE-2025-55742

Patch

https://unopim.com/download/

Share on: