CNNVD-202511-880 Information
CNNVD ID
CNNVD-202511-880
Related CVE
- CNNVD Published: 2025-11-10
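Description (translated from Chinese)
OpenClinica Community Edition is a clinical data management system from the US company OpenClinica. OpenClinica Community Edition versions 3.12.2 and 3.13 contain a security vulnerability that stems from incorrect handling of the parameter xml_file in the file /ImportCRFData, which may lead to an XML injection attack.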
Description (English)
OpenClinica Community Edition is a clinical data management system developed by OpenClinica, a company in the United States. Versions 3.12.2 and 3.13 of OpenClinica Community Edition contain a security vulnerability that stems from incorrect handling of the argument xml_file in the file /ImportCRFData, which may result in an XML injection attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
OpenClinica
Published
2025-11-10
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.331641
https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md#poc
https://vuldb.com/?submit.680872
https://vuldb.com/?id.331641
https://access.redhat.com/security/cve/cve-2025-12921