CNNVD-202510-815 Information
Oct 06, 2025
cve
CNNVD ID
CNNVD-202510-815
Related CVE
- CNNVD Published: 2025-10-06
Description (Chinese)
CmsEasy是中国九州易通(CmsEasy)公司的一套用于创建响应式网站的内容管理系统(CMS)。 CmsEasy 7.7.7及之前版本存在代码注入漏洞,该漏洞源于对组件URL Handler中文件lib/inc/view.php的参数PHP_SELF操作不当,可能导致跨站脚本攻击。
Description (English)
CmsEasy is a content management system (CMS) for the creation of a responsive web site for KyushuEasy, China. CmsEasy 7.7.7 and previous versions have a code-infusion loophole, which stems from the improper operation of PHP SELF, the parameter for the file lib/inc/view.php in component URL Handler, which may result in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
九州易通
Published
2025-10-06
Last Modified
2026-02-24
References
https://vuldb.com/?submit.664560 https://github.com/tiancesec/CVE/issues/5 https://vuldb.com/?ctiid.327215 https://vuldb.com/?id.327215