CNNVD-202511-127 Information

CNNVD ID

CNNVD-202511-127

Related CVE

CVE-2025-48076

• CNNVD Published: 2025-11-04

Description (Chinese)

Galette是Galette开源的一个面向非营利组织的会员管理网络应用程序。 Galette 1.1.5.2及之前版本存在安全漏洞，该漏洞源于允许用户编辑组名并插入XSS有效载荷，可能导致跨站脚本攻击。

Description (English)

Galette is a member-managed web application for non-profit organizations that is open to Galette. There is a security loophole in Galette 1.1.5.2 and earlier versions, which stems from allowing users to edit group names and insert XSS payloads, which may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Galette

Published

2025-11-04

Last Modified

2026-02-24

References

https://github.com/galette/galette/security/advisories/GHSA-ccwq-mxx3-chvh https://access.redhat.com/security/cve/cve-2025-48076

Patch

https://github.com/galette/galette