CNNVD-202508-3714 Information
CNNVD ID
CNNVD-202508-3714
Related CVE
- CNNVD Published: 2025-08-31
Description (Chinese)
Vvveb是Givan个人开发者的一个强大且易于使用的CMS,用于构建网站、博客或电子商务商店。 Vvveb 1.0.7.2版本存在安全漏洞,该漏洞源于对文件app/template/user/login.tpl中参数Email/Password的错误操作导致跨站脚本。
Description (English)
Vvveb is a powerful and easy-to-use CMS for Givan personal developers to build a website, blog or e-commerce store. Version 1.0.7.2 of Vvveb has a security loophole that results from an error in the Email/Password for the parameter in documentapp/template/user/login.tpl, resulting in a cross-site script.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-31
Last Modified
2026-02-24
References
https://github.com/kwerty138/Reflected-XSS-in-Vvveb-CMS-v1.0.7.2 https://github.com/givanz/Vvveb/issues/323 https://vuldb.com/?submit.639704 https://vuldb.com/?id.322017 https://vuldb.com/?ctiid.322017 https://github.com/givanz/Vvveb/commit/bbd4c42c66ab818142240348173a669d1d2537fe https://access.redhat.com/security/cve/cve-2025-9728 https://nvd.nist.gov/vuln/detail/CVE-2025-9728
Share on: