CNNVD-202509-3267 Information
CNNVD ID
CNNVD-202509-3267
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Mesh Connect JS SDK是Mesh开源的一个Java库。 Mesh Connect JS SDK 3.3.2之前版本存在跨站脚本漏洞,该漏洞源于createLink.openLink函数未对URL协议进行清理,可能导致执行任意JavaScript代码。
Description (English)
Mesh Connect JS SDK is a Java bank of Mesh Open Source. Mesh Contact JS SDK 3.3.2 had a cross-site script loophole, which originated from the lack of clean-up of the URL protocol in the CreateLink.openLink function, which could result in the execution of any JavaScript code.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Mesh
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/FrontFin/mesh-web-sdk/commit/7f22148516d58e21a8b7670dde927d614c0d15c2 https://github.com/FrontFin/mesh-web-sdk/blob/cf013b85ab95d64c63cbe46d6cb14695474924e7/packages/link/src/Link.ts#L441 https://github.com/FrontFin/mesh-web-sdk/pull/124 https://github.com/FrontFin/mesh-web-sdk/security/advisories/GHSA-vh3f-qppr-j97f https://access.redhat.com/security/cve/cve-2025-59430
Patch
https://github.com/FrontFin/mesh-web-sdk/releases
Share on: