CNNVD-202508-3288 Information

CNNVD ID

CNNVD-202508-3288

Related CVE

CVE-2025-9591

• CNNVD Published: 2025-08-28

Description (Chinese)

ZrLog是xiaochun个人开发者的一款使用Java语言开发的博客系统。 ZrLog 3.1.5及之前版本存在安全漏洞，该漏洞源于对文件/api/admin/template/config中参数footerLink的错误操作导致跨站脚本。

Description (English)

ZrLog is a blog system developed in Java by the xiaochun personal developers. There is a security loophole in ZrLog 3.1.5 and previous versions, which stems from the error of the argument FouterLink in file/api/admin/template/config resulting in a cross-site script.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-28

Last Modified

2026-02-24

References

https://vuldb.com/?submit.636176 https://vuldb.com/?id.321765 https://vuldb.com/?ctiid.321765 https://github.com/SaaS5SaaS/CVE/issues/3 https://nvd.nist.gov/vuln/detail/CVE-2025-9591

Patch

https://www.zrlog.com/download