CNNVD-202512-427 Information
Dec 04, 2025
cve
CNNVD ID
CNNVD-202512-427
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Syslifters Sysreptor是Syslifters公司的一个渗透测试报告平台。 Syslifters Sysreptor 2025.102之前版本存在跨站脚本漏洞,该漏洞源于认证用户可通过上传恶意JavaScript文件实施存储型跨站脚本攻击。
Description (English)
Syslifters Sysreptor is a infiltration test reporting platform for Syslifters. The pre-version version of Syslifters Sysreptor 2025.102 had a cross-site script loophole, which originated from a storage-type cross-site attack by a certified user by uploading a malicious JavaScript file.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Syslifters
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/Syslifters/sysreptor/security/advisories/GHSA-64vw-v5c4-mgvm
Patch
https://github.com/Syslifters/sysreptor/releases
Share on: