CNNVD-202510-2554 Information
Oct 19, 2025
cve
CNNVD ID
CNNVD-202510-2554
Related CVE
- CNNVD Published: 2025-10-19
Description (Chinese)
Toeverything AFFiNE是Toeverything开源的一个知识管理软件。 AFFiNE 0.24.1及之前版本存在代码注入漏洞,该漏洞源于Avatar Upload Image Endpoint组件存在未知代码缺陷,可能导致跨站脚本攻击。
Description (English)
To everything AFFINE is a knowledge management software that is an open source for everything. The AFFiNE 0.24.1 and previous versions have a code injection loophole, which stems from unknown code defects in the Avatar Upload Image Endpoint component, which may lead to cross-site script attacks.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
Toeverything
Published
2025-10-19
Last Modified
2026-02-24
References
https://drive.google.com/file/d/1L6gX0GY8cE9rS6o50oJzuMRPVMerFQNS https://vuldb.com/?ctiid.329025 https://vuldb.com/?id.329025 https://vuldb.com/?submit.670888