CNNVD-202510-3453 Information
CNNVD ID
CNNVD-202510-3453
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
eLabFTW是eLabFTW开源的一套开源的实验数据托管平台。该平台运行于Linux系统中,并支持存储多种对象。 eLabFTW存在跨站脚本漏洞,该漏洞源于SVG文件内联服务未正确处理,可能导致存储型跨站脚本攻击。
Description (English)
eLabFTW is a set of open-source experimental data hosting platforms for eLabFTW open sources. The platform operates in Linux and supports the storage of multiple objects. eLabFTW has a cross-site script loophole, which stems from the incorrect handling of the connection services in the SVG file and may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
eLabFTW
Published
2025-10-27
Last Modified
2026-02-24
References
https://github.com/elabftw/elabftw/commit/09b95e38f82f041edac0dd6962c70499e2d8d8e2 https://github.com/elabftw/elabftw/security/advisories/GHSA-rq98-8jh9-684f https://access.redhat.com/security/cve/cve-2025-62793
Patch
https://github.com/elabftw/elabftw/releases
Share on: