CNNVD-202510-2549 Information
CNNVD ID
CNNVD-202510-2549
Related CVE
- CNNVD Published: 2025-10-19
Description (Chinese)
LogicalDOC Community Edition是意大利LogicalDOC公司的一个文档系统。 LogicalDOC Community Edition 9.2.1及之前版本存在代码注入漏洞,该漏洞源于对文件/frontend.jsp中参数First Name/Last Name/Company/Address/Phone/Mobile的错误操作,可能导致跨站脚本攻击。
Description (English)
The LogicalDOC Commission is a filing system of LogicalDOC, Italy. LogicalDOC Commission 9.2.1 and previous versions have a code-infusion loophole, which results from an error in the argument First Name/Last Name/Commany/Address/Phone/Mobile in file/frontend.jsp, which may result in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
LogicalDOC
Published
2025-10-19
Last Modified
2026-02-24
References
https://vuldb.com/?id.329026 https://vuldb.com/?submit.671389 https://vuldb.com/?ctiid.329026 https://gist.github.com/thezeekhan/231d87163fbb84f94c9c94f13b88db90#steps-to-reproduce https://access.redhat.com/security/cve/cve-2025-11946
Share on: