CNNVD-202512-208 Information

CNNVD ID

CNNVD-202512-208

Related CVE

CVE-2025-65187

• CNNVD Published: 2025-12-02

Description (Chinese)

CiviCRM是一个开源的，基于云的成员关系管理 (CRM) 系统，专为满足非营利组织和基于协会的组织的需求而开发的。 CiviCRM 6.7之前版本存在安全漏洞，该漏洞源于Accounting Batches字段容易受到存储型跨站脚本攻击。

Description (English)

CivicRM is an open source, cloud-based CRM-based member relationship management (CRM) system developed to meet the needs of non-profit and association-based organizations. There was a security loophole in previous version 6.7 of CivicRM, which originated from the vulnerability of the Accounting Batches field to storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-02

Last Modified

2026-02-24

References

https://civicrm.com/ https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-65187.pdf https://access.redhat.com/security/cve/cve-2025-65187

Patch

https://civicrm.org/download