CNNVD-202512-3119 Information

CNNVD ID

CNNVD-202512-3119

CVE-2025-68115

  • CNNVD Published: 2025-12-16

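Description (translated from Chinese)

Parse Server is an open-source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Parse Server versions before 8.6.1 and before 9.1.0-alpha.3 contain a cross-site scripting vulnerability, which stems from a reflected cross-site scripting flaw in the password reset and email verification HTML pages.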

Description (English)

Parse Server is an open source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Parse Server versions prior to 8.6.1 and prior to 9.1.0-alpha.3 contain a cross-site scripting vulnerability, which stems from a reflected cross-site scripting flaw in the password reset and email verification HTML pages.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Parse Platform

Published

2025-12-16

Last Modified

2026-02-24

References

  • https://github.com/parse-community/parse-server/pull/9985
  • https://github.com/parse-community/parse-server/pull/9986
  • https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv
