CNNVD-202510-3986 Information

CNNVD ID

CNNVD-202510-3986

Related CVE

CVE-2025-60898

• CNNVD Published: 2025-10-29

Description (Chinese)

Halo CMS是中国凌霞（Halo）公司的一个博客和内容管理系统。 Halo CMS 2.21版本存在安全漏洞，该漏洞源于Thumbnail via-uri端点未经验证的用户输入，可能导致服务器端请求伪造攻击。

Description (English)

Haro CMS is a blog and content management system of the Chinese company Halo. Haro CMS version 2.21 contains a security loophole originating from unverified user input of the Thumbnail Via-uri endpoint, which may lead to a request from the server for a false attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

凌霞

Published

2025-10-29

Last Modified

2026-02-24

References

http://halo.com https://github.com/abdulr7mann/CVEs/blob/main/CVE-2025-60898/CVE-2025-60898.md https://access.redhat.com/security/cve/cve-2025-60898