CNNVD-202511-2942 Information

CNNVD ID

CNNVD-202511-2942

Related CVE

CVE-2025-54057

• CNNVD Published: 2025-11-27

Description (Chinese)

Apache SkyWalking是美国阿帕奇（Apache）基金会的一款主要用于微服务、云原生和基于容器等环境的应用程序性能监视器。 Apache SkyWalking 10.2.0及之前版本存在安全漏洞，该漏洞源于未正确处理脚本相关HTML标签，可能导致基本跨站脚本攻击。

Description (English)

Apache SkyWalking is an application performance monitor for micro-services, clouds and container-based environments for the Apache Foundation. There is a security gap in Apache SkyWalking 10.2.0 and earlier versions, which stems from the incorrect handling of script-related HTML tags, which could lead to a basic cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-11-27

Last Modified

2026-02-24

References

https://lists.apache.org/thread/sl2x2tx8y007x0mo746yddx2lvnv9tcr http://www.openwall.com/lists/oss-security/2025/11/27/1 https://access.redhat.com/security/cve/cve-2025-54057

Patch

https://skywalking.apache.org/