CNNVD-202509-1182 Information

CNNVD ID

CNNVD-202509-1182

CVE-2025-58430

  • CNNVD Published: 2025-09-09

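Description (translated from Chinese)

listmonk is a high-performance, self-hosted newsletter and mailing list manager with a modern dashboard, developed by individual developer Kailash Nadh. listmonk 1.1.0 and earlier versions contain a cross-site request forgery vulnerability, which stems from the nonce value not being validated and may lead to cross-site request forgery and cross-site scripting attacks.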

Description (English)

listmonk is a high-performance, self-hosted newsletter and mailing list manager with a modern dashboard, developed by Kailash Nadh, an individual developer. listmonk 1.1.0 and previous versions have a cross-site request forgery vulnerability, which originates from the nonce value not being verified and may lead to cross-site request forgery and cross-site scripting attacks.

Hazard Level

High

Vulnerability Type

Cross-site request forgery

Affected Vendor

Individual developer

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/knadh/listmonk/security/advisories/GHSA-rf24-wg77-gq7w

https://access.redhat.com/security/cve/cve-2025-58430

Patch

https://github.com/knadh/listmonk/releases
