CNNVD-202509-1151 Information

Sep 09, 2025 cve

CNNVD ID

CNNVD-202509-1151

CVE-2025-58765

  • CNNVD Published: 2025-09-09

Description (Chinese)

wabac.js是Webrecorder开源的一个档案浏览客户端。 wabac.js 2.23.10及之前版本存在跨站脚本漏洞,该漏洞源于requestURL参数未清理和转义,可能导致反射型跨站脚本攻击。

Description (English)

Wabac.js is an open-source file of Webrecorder. Wavac.js 2.23.10 and earlier versions had a cross-site script loophole, which stemmed from the uncleaned and transposition of requestURL parameters, which could lead to a reflective cross-station script attack.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Webrecorder

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/webrecorder/wabac.js/commit/25feb4a5af69a6b65694426eae67b890be438c4c https://github.com/webrecorder/wabac.js/security/advisories/GHSA-w765-jm6w-4hhj https://github.com/webrecorder/wabac.js/releases/tag/v2.23.11 https://access.redhat.com/security/cve/cve-2025-58765

Patch

https://github.com/webrecorder/wabac.js/releases

Share on: