CNNVD-202510-3329 Information

CNNVD ID

CNNVD-202510-3329

Related CVE

CVE-2025-58070

• CNNVD Published: 2025-10-25

Description (Chinese)

Pleasanter是Pleasanter公司的一款免费的 OSS 无代码/低代码开发工具。 Pleasanter存在跨站脚本漏洞，该漏洞源于附件预览功能中存在存储型跨站脚本漏洞，可能导致在已登录用户的Web浏览器中执行任意脚本。

Description (English)

Pleasanter is a free OSS code-free/low-code development tool for Pleasanter. There is a cross-site script loophole in Pleasanter, which stems from the storage-type cross-site script gap in the attachment preview, which may lead to the implementation of any script in the login user’s Web browser.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Pleasanter

Published

2025-10-25

Last Modified

2026-02-24

References

https://pleasanter.org/archives/vulnerability-update-20251024 https://jvn.jp/en/jp/JVN20611740/ https://access.redhat.com/security/cve/cve-2025-58070

Patch

https://pleasanter.org/archives/vulnerability-update-20251024