CNNVD-202510-389 Information

CNNVD ID

CNNVD-202510-389

Related CVE

CVE-2025-61681

• CNNVD Published: 2025-10-03

Description (Chinese)

KUNO是XueMian (ICT.RUN)个人开发者的一个博客应用程序 KUNO 1.3.13及之前版本存在代码问题漏洞，该漏洞源于文件上传功能验证不足，可能导致存储型跨站脚本攻击。

Description (English)

KUNO is a blog application for XueMian (ICT.RUN) personal developers KUNO 1.3.13 There is a code gap in the pre- and pre-versions, which arises from the inadequate authentication of document upload functionality, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-10-03

Last Modified

2026-02-24

References

https://github.com/xuemian168/kuno/commit/fc486b5c9091b607f82bf7b354d18f25204f7dc6 https://github.com/xuemian168/kuno/releases/tag/v1.3.14 https://github.com/xuemian168/kuno/security/advisories/GHSA-q3w2-2vqp-gx3r

Patch

https://github.com/xuemian168/kuno/releases