CNNVD-202510-1244 Information
CNNVD ID
CNNVD-202510-1244
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center存在安全漏洞,该漏洞源于远程认证攻击者可上传包含JavaScript或其他内容的SVG文件,可能导致Web浏览器执行或渲染恶意内容。
Description (English)
Newforma Project Center Server is a project information management solution for a Newforma construction, engineering and construction (AEC) industry for central storage and management of project files and collaboration. Newforma Project Center has a security loophole, which stems from the remote authentication that the assailant can upload a SVG file containing JavaScript or other content, which may lead to the execution or rendering of malicious content by the Web browser.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Newforma
Published
2025-10-09
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35060
Patch
https://www.newforma.com/newforma-project-center/
Share on: