CNNVD-202601-2548 Information

CNNVD ID

CNNVD-202601-2548

Related CVE

CVE-2025-65368

• CNNVD Published: 2026-01-15

Description (Chinese)

SparkyFitness是CodeWithCJ个人开发者的一个健身与健康管理平台。 SparkyFitness v0.15.8.2版本存在安全漏洞，该漏洞源于用户输入和LLM输出处理不当，可能导致跨站脚本攻击。

Description (English)

SparkyFitness is a physical fitness and health management platform for CodeWithCJ personal developers. There is a security loophole in SparkyFitness v0.15.82, which stems from the inappropriate handling of user input and LLM output, which could lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/CodeWithCJ/SparkyFitness https://github.com/CodeWithCJ/SparkyFitness/security/advisories/GHSA-j7x6-6678-2xqp#event-521570

Patch

https://github.com/CodeWithCJ/SparkyFitness/releases