CNNVD-202512-3322 Information
CNNVD ID
CNNVD-202512-3322
Related CVE
- CNNVD Published: 2025-12-18
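Description (Chinese, translated)
linkding is a self-hostable bookmark manager from individual developer Sascha Ißbrücker. linkding contains a security vulnerability: the file upload feature in the bookmark and asset rendering pipeline allows malicious SVG files containing JavaScript content to be uploaded, which may cause JavaScript to execute when an administrator views the file and obtain the CSRF token, allowing the password to be changed and leading to account takeover.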
Description (English)
linkding is a self-hosted bookmark manager by individual developer Sascha Ißbrücker. linkding has a security vulnerability in the file upload functionality of its bookmark and asset rendering pipeline, which accepts malicious SVG files containing JavaScript. When an administrator views such a file, the JavaScript may execute and obtain the CSRF token, which can then be used to change the password, resulting in account takeover.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-12-18
Last Modified
2026-02-24
References
https://www.cve.org/cverecord?id=CVE-2025-14202
https://access.redhat.com/security/cve/cve-2025-14202
Patch
https://github.com/sissbruecker/linkding/releases