CNNVD-202510-1708 Information

CNNVD ID

CNNVD-202510-1708

Related CVE

CVE-2025-11655

• CNNVD Published: 2025-10-13

Description (Chinese)

Total.js Flow是Total.js Platform开源的一个可视化变成工具。 Total.js Flow存在代码问题漏洞，该漏洞源于SVG File Handler组件存在未限制上传功能，可能导致远程攻击。

Description (English)

Total.js Flow is a visualization tool for the Total.js Platform open source. Total.js Flow has a code gap that stems from the unrestricted upload function of the SVG File Handler component, which may lead to a remote attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Total.js Platform

Published

2025-10-13

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.328072 https://vuldb.com/?id.328072 https://vuldb.com/?submit.665479 https://vuldb.com/?submit.665497