CNNVD-202511-2166 Information
CNNVD ID
CNNVD-202511-2166
Related CVE
- CNNVD Published: 2025-11-19
Description (Chinese)
homarr是Thomas Camlong个人开发者的一个可定制的浏览器主页,用于与主服务器的 Docker 容器进行交互。 homarr 1.43.3之前版本存在代码问题漏洞,该漏洞源于恶意上传的SVG文件可能导致存储型跨站脚本攻击,可能导致权限提升。
Description (English)
Homarr is the home page of a custom browser for Thomas Camlong personal developer to interact with the Docker container on the main server. Hamarr 1.43.3 has a code problem loophole, which stems from the malicious uploading of SVG files that could lead to a storage-type cross-site script attack, which could lead to increased access.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2025-11-19
Last Modified
2026-02-24
References
https://github.com/homarr-labs/homarr/security/advisories/GHSA-wj62-c5gr-2x53 https://github.com/homarr-labs/homarr/commit/aaa23f37321be1e110f722b36889b2fd3bea2059 https://access.redhat.com/security/cve/cve-2025-64759
Patch
https://github.com/homarr-labs/homarr/releases
Share on: