CNNVD-202511-763 Information

CNNVD ID

CNNVD-202511-763

Related CVE

CVE-2025-64442

• CNNVD Published: 2025-11-07

Description (Chinese)

HumHub是HumHub开源的一套基于Yii PHP框架编写的开源社交网络软件。 HumHub 1.17.4之前版本存在跨站脚本漏洞，该漏洞源于Meta-Search功能中存在跨站脚本漏洞，可能导致恶意输入在搜索预览中执行。

Description (English)

HumHub is an open-source social network software package based on the YiPHP framework developed by HumHub Open Source. The pre-HumHub 1.17.4 version had a cross-site script loophole, which stemmed from a cross-site script gap in the Meta-Search function, which could lead to malicious input into the search preview.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

HumHub

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/humhub/humhub/security/advisories/GHSA-2hgp-33j2-93cc https://github.com/humhub/humhub/releases/tag/v1.17.4 https://github.com/humhub/humhub/pull/7814 https://access.redhat.com/security/cve/cve-2025-64442

Patch

https://github.com/humhub/humhub/releases