CNNVD-202512-1084 Information
CNNVD ID
CNNVD-202512-1084
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 4.0.0-rc.1版本至4.7.0版本存在跨站脚本漏洞,该漏洞源于post_logout_redirect参数处理不当,可能导致基于DOM的跨站脚本攻击。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. ZITADEL Versions 4.0.0-rc.1 to 4.7.0 have a cross-site script loophole, which stems from the mishandling of the post logout reddirect parameters and may lead to a DOM-based cross-site script attack.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
ZITADEL
Published
2025-12-09
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/security/advisories/GHSA-v959-qxv6-6f8p https://github.com/zitadel/zitadel/commit/4c879b47334e01d4fcab921ac1b44eda39acdb96 https://access.redhat.com/security/cve/cve-2025-67495
Patch
https://github.com/zitadel/zitadel/releases
Share on: