CNNVD-202509-1650 Information
CNNVD ID
CNNVD-202509-1650
Related CVE
- CNNVD Published: 2025-09-11
Description (Chinese)
Ascensio System ONLYOFFICE是拉脱维亚Ascensio System公司的一款办公软件。 Ascensio System ONLYOFFICE 12.7.0及之前版本存在安全漏洞,该漏洞源于文件/Products/Projects/Messages.aspx中SVG Image Handler组件处理不当,可能导致跨站脚本攻击。
Description (English)
Ascensio System ONLYOFFICE is an office software for the Latvian company Ascensio System. Ascensio System ONLYOFFICE 12.7.0 and earlier versions had a security loophole, which stemmed from the inappropriate handling of the SVG Image Handler component in document/Producs/Projects/Messages.aspx, which could result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Ascertia
Published
2025-09-11
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.323614 https://vuldb.com/?id.323614 https://vuldb.com/?submit.635870 https://hkohi.ca/vulnerability/20 https://access.redhat.com/security/cve/cve-2025-10254
Share on: