CNNVD-202510-3988 Information
CNNVD ID
CNNVD-202510-3988
Related CVE
-
CNNVD Published
2025-10-29
Description
CKAN is an open-source DMS (data management system) from the CKAN project, used to power data centres and data portals. CKAN versions before 2.10.9 and before 2.11.4 contain a cross-site scripting vulnerability. It stems from the helpers.markdown_extract function not adequately sanitizing input data, which may lead to cross-site scripting attacks.
Hazard Level
High
Vulnerability Type
Cross-site scripting (XSS)
Published
2025-10-29
Last Modified
2026-02-24
References
https://github.com/ckan/ckan/commit/6d0065f2fc7e2682196d125275af34b93e9e554e
https://github.com/ckan/ckan/security/advisories/GHSA-2r4h-8jxv-w2j8
https://access.redhat.com/security/cve/cve-2025-54384
Patch
https://github.com/ckan/ckan/releases