CNNVD-202601-2375 Information

CNNVD ID

CNNVD-202601-2375

Related CVE

CVE-2025-71165

• CNNVD Published: 2026-01-14

Description (Chinese)

Typesetter CMS是Typesetter开源的一个内容管理系统。 Typesetter CMS 5.1及之前版本存在跨站脚本漏洞，该漏洞源于对path参数清理和转义不足，可能导致反射型跨站脚本攻击。

Description (English)

Typesetter CMS is an open-source content management system. There is a cross-site script loophole in Typesetter CMS 5.1 and earlier versions, which arises from inadequate clearance and transposition of path parameters, which may lead to a cross-station script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Typesetter

Published

2026-01-14

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/typesetter-cms-reflected-xss-via-status-php https://github.com/Typesetter/Typesetter/issues/709 https://access.redhat.com/security/cve/cve-2025-71165