CNNVD-202601-3202 Information
CNNVD ID
CNNVD-202601-3202
Related CVE
- CNNVD Published: 2026-01-20
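Description (translated from Chinese)
XDocReport is an open-source XML document reporting tool from opensagres. XDocReport versions 1.0.0 through 2.1.0 contain a security vulnerability caused by server-side template injection in the FreeMarker component, which may allow arbitrary code execution through injected, specially crafted template expressions.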
Description (English)
XDocReport is open-source XML document reporting software from opensagres. XDocReport versions 1.0.0 to 2.1.0 contain a security vulnerability that stems from server-side template injection in the FreeMarker component, which may lead to arbitrary code execution through the injection of specially crafted template expressions.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
opensagres
Published
2026-01-20
Last Modified
2026-02-24
References
- https://github.com/AT190510-Cuong/CVE-2025-64087-SSTI-
- https://github.com/opensagres/xdocreport
- https://github.com/opensagres/xdocreport/pull/705
- https://hackmd.io/@cuongnh/BJEnw7SAlg
- https://hackmd.io/@cuongnh/SkQvhEf0lx
- https://access.redhat.com/security/cve/cve-2025-64087
Patch
https://github.com/opensagres/xdocreport/tags