CNNVD-202509-4329 Information

CNNVD ID

CNNVD-202509-4329

CVE-2025-57769

  • CNNVD Published: 2025-09-29

Description (Chinese)

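FreshRSS is a free, self-hostable RSS aggregator, open-sourced by FreshRSS. FreshRSS 1.26.3 and earlier versions contain a security vulnerability: a specially crafted page may trick a user into executing arbitrary JS code or elevating user privileges, which may lead to privilege escalation or a cross-site scripting attack.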

Description (English)

FreshRSS is a free, self-hostable RSS aggregator from the FreshRSS open-source project. FreshRSS 1.26.3 and previous versions contain a security vulnerability in which a specially crafted page may trick a user into executing arbitrary JS code or elevating user privileges, which may lead to privilege escalation or a cross-site scripting attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FreshRSS

Published

2025-09-29

Last Modified

2026-02-24

References

  • https://github.com/FreshRSS/FreshRSS/pull/7677
  • https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0
  • https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-wm5p-7pr7-c8rw

Patch

https://github.com/FreshRSS/FreshRSS/releases
