CNNVD-202511-1873 Information
CNNVD ID
CNNVD-202511-1873
Related CVE
- CNNVD Published: 2025-11-17
Description (Chinese)
Dependency-Track Front-End是Dependency-Track开源的一个用于依赖跟踪的前端UI。 Dependency-Track Front-End 4.12.0版本至4.13.6之前版本存在跨站脚本漏洞,该漏洞源于HTML清理不当,可能导致任意JavaScript执行。
Description (English)
Decendency-Track Front-End is a front-end UI for relying on tracking from Decendency-Track open source. The pre-Dependency-Track Front-End 4.12.0 to 4.13.6 pre-Script loophole, which stems from the inappropriate HTML clean-up, could lead to arbitrary JavaScript implementation.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Dependency-Track
Published
2025-11-17
Last Modified
2026-02-24
References
https://github.com/DependencyTrack/frontend/pull/1378 https://github.com/DependencyTrack/frontend/pull/986 https://github.com/DependencyTrack/frontend/commit/8fd757be612eaf4f35eadbe4c334204d7bd711be https://github.com/DependencyTrack/frontend/security/advisories/GHSA-7xvh-c266-cfr5 https://access.redhat.com/security/cve/cve-2025-64758
Patch
https://github.com/DependencyTrack/frontend/releases
Share on: