CNNVD-202510-2469 Information
CNNVD ID
CNNVD-202510-2469
Related CVE
- CNNVD Published: 2025-10-17
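Description (translated from Chinese)
ThingsBoard is a Java-based platform from the ThingsBoard team for monitoring, managing, and collecting data from IoT devices. Versions of ThingsBoard before 4.2.1 contain a security vulnerability that stems from insufficient sanitization of uploaded SVG files and improper content-type validation, which may lead to stored cross-site scripting attacks.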
Description (English)
ThingsBoard is a Java-based platform for monitoring, managing, and collecting data from IoT devices. Versions of ThingsBoard before 4.2.1 contain a security vulnerability that stems from inadequate sanitization of uploaded SVG files and inadequate content-type validation, which could lead to stored cross-site scripting (XSS) attacks.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
ThingsBoard
Published
2025-10-17
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/thingsboard-svg-image-stored-xss
https://advisory.checkmarx.net/advisory/CVE-2025-3261/
https://github.com/thingsboard/thingsboard/pull/13927
https://github.com/thingsboard/thingsboard/commit/b2ae6f92d12206ea185a2e882945a6b69234bf03
https://github.com/thingsboard/thingsboard/releases/tag/v4.2.1
https://access.redhat.com/security/cve/cve-2025-34281
Patch
https://github.com/thingsboard/thingsboard/releases