CNNVD-202512-169 Information
CNNVD ID
CNNVD-202512-169
Related CVE
- CNNVD Published: 2025-12-02
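Description (translated from Chinese)
Aimeos GrapesJS CMS is a content management system from Aimeos, an individual developer. Aimeos GrapesJS CMS contains a cross-site scripting vulnerability. It arises because JavaScript code can be injected when CSP is disabled, which may lead to stored cross-site scripting attacks. The following versions are affected: versions before 2021.10.8, versions before 2022.10.8, versions before 2023.10.8, versions before 2024.10.8 and versions before 2025.10.8.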
Description (English)
Aimeos GrapesJS CMS is a content management system from the individual developer Aimeos. It contains a cross-site scripting vulnerability: JavaScript code can be injected when CSP is disabled, which could lead to a stored cross-site scripting attack. The following versions are affected: versions before 2021.10.8, before 2022.10.8, before 2023.10.8, before 2024.10.8 and before 2025.10.8.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
Individual developer
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/aimeos/ai-cms-grapesjs/security/advisories/GHSA-424m-fj2q-g7vg
https://github.com/aimeos/ai-cms-grapesjs/commit/2214f71ac27cdea25f11c8adf6bb5816db47a042
https://access.redhat.com/security/cve/cve-2025-66468
Patch
https://github.com/aimeos/ai-cms-grapesjs/tags