CNNVD-202509-273 Information

CNNVD ID

CNNVD-202509-273

CVE-2025-55944

  • CNNVD Published: 2025-09-03

Description

Slink is a self-hosted image-sharing service by the individual developer Andrii Kryvoviaz. Slink v1.4.9 contains a security vulnerability: crafted SVG uploads are susceptible to stored cross-site scripting (XSS) attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-03

Last Modified

2026-02-24

References

  • https://github.com/G3XAR/Vulnerability-Research/tree/main/CVE-2025-55944
  • https://github.com/G3XAR/Vulnerability-Research/tree/main/Slink%20%28up%20to%201.6.3%29/PoC
  • https://access.redhat.com/security/cve/cve-2025-55944

Patch

https://github.com/andrii-kryvoviaz/slink/releases
