CNNVD-202512-2703 Information

CNNVD ID

CNNVD-202512-2703

Related CVE

CVE-2025-65778

• CNNVD Published: 2025-12-15

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 18.15及之前版本存在安全漏洞，该漏洞源于上传的附件可以使用攻击者控制的Content-Type，可能导致执行攻击者提供的HTML或JS。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 18.15 and previous versions had a security loophole, which originated from an uploaded annex that could use the attacker-controlled Content-Type and could lead to the execution of the attacker ’ s HTML or JS.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WeKan

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/wekan/wekan https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan–release https://github.com/wekan/wekan/commit/e9a727301d7b4f1689a703503df668c0f4f4cab8 https://wekan.fi/hall-of-fame/spacebleed/ https://access.redhat.com/security/cve/cve-2025-65778

Patch

https://github.com/wekan/wekan/releases