CNNVD-202510-3769 Information
CNNVD ID
CNNVD-202510-3769
Related CVE
- CNNVD Published: 2025-10-28
Description (Chinese)
sharp是lovell个人开发者的一款用于将常见格式的大图像转换为更小的、对 Web 友好的 JPEG、PNG、WebP、GIF 和不同尺寸的 AVIF 图像。 sharp 9.11.1之前版本存在跨站脚本漏洞,该漏洞源于SharpShowTextField组件渲染内容时未正确处理表达式,可能导致跨站脚本攻击。
Description (English)
The sharp is a paragraph by Lovell Personal Developer to convert large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF and different sizes of AVIF images. The pre-sharp 9.11.1 version had a cross-site script loophole, which originated from the failure to correctly process expressions when the SharpShowTextFild components were being rendered, and could lead to cross-script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2025-10-28
Last Modified
2026-02-24
References
https://github.com/code16/sharp/security/advisories/GHSA-9f58-4465-23c7 https://github.com/code16/sharp/pull/654 https://github.com/code16/sharp/releases/tag/v9.11.1 https://access.redhat.com/security/cve/cve-2025-62798
Patch
https://github.com/code16/sharp/releases
Share on: