CNNVD-202510-2620 Information
Oct 20, 2025
cve
CNNVD ID
CNNVD-202510-2620
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
TastyIgniter是TastyIgniter开源的一个在线订购软件。 TastyIgniter 3.7.7版本存在安全漏洞,该漏洞源于/admin/media_manager组件未正确处理SVG文件中的JavaScript代码,可能导致跨站脚本攻击。
Description (English)
TastyIgniter is an online subscription from TastyIgniter Open Source. There is a security loophole in version 3.7.7 of TastyIgniter, which originates from/admin/media manager ’ s incorrect handling of the JavaScript code in the SVG file, which may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
TastyIgniter
Published
2025-10-20
Last Modified
2026-02-24
References
https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md https://github.com/tastyigniter/TastyIgniter https://access.redhat.com/security/cve/cve-2025-61417
Patch
https://tastyigniter.com/docs/installation
Share on: