CNNVD-202512-2395 Information
CNNVD ID
CNNVD-202512-2395
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
Japan Total System GroupSession Free edition等都是日本Japan Total System公司的一个企业协作软件。 Japan Total System多款产品存在跨站脚本漏洞,该漏洞源于存储型跨站脚本漏洞,可能导致任意脚本在用户浏览器中执行。以下产品及版本受到影响:GroupSession Free edition 5.7.1之前版本、GroupSession byCloud 5.7.1之前版本和GroupSession ZION 5.7.1之前版本。
Description (English)
Papan Total System Group Session Free edict is a collaborative business software for Japan Total System. There is a cross-site script loophole in the Jepan Total System multi-product, which originates in a storage-type cross-site script loophole, which may result in any script being executed in a user browser. The following products and versions have been affected: pre-Groupsession Free extension 5.7.1, pre-Groupsession by Cloud 5.7.1 and pre-Groupsession ZION 5.7.1.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Japan Total System
Published
2025-12-12
Last Modified
2026-02-24
References
https://groupsession.jp/info/info-news/security20251208 https://jvn.jp/en/jp/JVN19940619/
Patch
https://groupsession.jp/dl/dl.html
Share on: