CNNVD-202512-3804 Information

CNNVD ID

CNNVD-202512-3804

Related CVE

CVE-2025-68457

• CNNVD Published: 2025-12-19

Description (Chinese)

Orejime是Boscop开源的一个用户同意管理工具。 Orejime 2.3.2之前版本存在跨站脚本漏洞，该漏洞源于data属性中嵌入javascript代码，可能导致执行恶意代码。

Description (English)

Orejime is a user consent management tool for open-source Boscop. Pre-Orejime 2.3.2 has a cross-site script loophole, which stems from the embedding of javascript code in the Data Properties, which may lead to the implementation of malicious codes.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Boscop

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/boscop-fr/orejime/issues/142 https://github.com/boscop-fr/orejime/pull/143 https://github.com/boscop-fr/orejime/security/advisories/GHSA-72mh-hgpm-6384 https://access.redhat.com/security/cve/cve-2025-68457

Patch

https://github.com/boscop-fr/orejime/tags