CNNVD-202510-1151 Information

CNNVD ID

CNNVD-202510-1151

Related CVE

CVE-2025-61183

• CNNVD Published: 2025-10-08

Description (Chinese)

vaahcms是WebReinvent Technologies Pvt Ltd开源的一个web应用程序开发平台。 vaahcms 2.3.1版本存在安全漏洞，该漏洞源于UserBase.php中storeAvatar方法的上传功能存在跨站脚本，可能导致执行任意代码。

Description (English)

Vaahcms is a web application development platform for WebReinvent Technologies Pvt Ltd open source. There is a security loophole in version vaahcms 2.3.1 from the upload function of thestore Avatar method in UserBase.php, which may result in the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WebReinvent Technologies Pvt Ltd

Published

2025-10-08

Last Modified

2026-02-24

References

https://github.com/thawphone/CVE-2025-61183 https://github.com/webreinvent/vaahcms/issues/301 https://access.redhat.com/security/cve/cve-2025-61183