CNNVD-202509-3830 Information
Sep 24, 2025
cve
CNNVD ID
CNNVD-202509-3830
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Mangati NovoSGA是巴西Mangati公司的一个服务管理系统。 Mangati NovoSGA 2.2.9及之前版本存在代码注入漏洞,该漏洞源于对文件/admin中参数logoNavbar/logoLogin的错误操作,可能导致跨站脚本攻击。
Description (English)
Mangati NovosGA is a service management system for Mangati, Brazil. Mangati NovoSGA 2.2.9 and earlier versions had a code insertion loophole, which stemmed from an error in the logo Navbar/logo Login parameter in the file/admin, which could lead to a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
Mangati
Published
2025-09-24
Last Modified
2026-02-24
References
https://hackmd.io/@noka/B1qwCyR9ll https://vuldb.com/?ctiid.325696 https://vuldb.com/?submit.651379 https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload https://vuldb.com/?id.325696 https://access.redhat.com/security/cve/cve-2025-10909
Patch
https://github.com/novosga/novosga/releases
Share on: