CNNVD-202510-3326 Information

CNNVD ID

CNNVD-202510-3326

Related CVE

CVE-2025-61931

• CNNVD Published: 2025-10-25

Description (Chinese)

Pleasanter是Pleasanter公司的一款免费的 OSS 无代码/低代码开发工具。 Pleasanter存在跨站脚本漏洞，该漏洞源于Body、Description和Comments中存在存储型跨站脚本漏洞，可能导致攻击者在登录用户的Web浏览器中执行任意脚本。

Description (English)

Pleasanter is a free OSS code-free/low-code development tool for Pleasanter. Pleasanter has a cross-site script loophole, which stems from storage-type cross-site scripts in Body, Description and Comments, which may result in the assailant performing any script in the Web browser of the login user.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Pleasanter

Published

2025-10-25

Last Modified

2026-02-24

References

https://pleasanter.org/archives/vulnerability-update-20251024 https://jvn.jp/en/jp/JVN20611740/ https://access.redhat.com/security/cve/cve-2025-61931

Patch

https://pleasanter.org/archives/vulnerability-update-20251024