CNNVD-202601-1600 Information
CNNVD ID
CNNVD-202601-1600
Related CVE
-
CNNVD Published
2026-01-09
Description
GESTSUP is an application from the French company GESTSUP. It is 100% web-based support management software that can manage tickets and equipment. GESTSUP 3.2.56 and earlier versions contain a cross-site scripting vulnerability. The vulnerability stems from a flaw in the API error logging function, which may allow an unauthenticated attacker to inject HTML or JavaScript code that executes as arbitrary script when an administrator views the logs.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
GESTSUP
Published
2026-01-09
Last Modified
2026-02-24
References
https://gestsup.fr/index.php?page=changelog
https://www.vulncheck.com/advisories/gestsup-stored-xss-in-api-error-logs
Patch
https://gestsup.fr/index.php?page=changelog