CNNVD-202601-3283 Information

CNNVD ID

CNNVD-202601-3283

Related CVE

CVE-2025-40679

• CNNVD Published: 2026-01-20

Description (Chinese)

Bdtask Isshue是Bdtask公司的一个多商店电子商务购物车软件。 Bdtask Isshue存在跨站脚本漏洞，该漏洞源于对发送到/category_product_search的POST请求中product_name参数的用户输入缺乏验证，可能导致HTML注入。

Description (English)

Bdtask Isshue is a multi-storey e-commerce car software for Bdtask. Bdtask Isshue has a cross-site script loophole, which results from a lack of validation of the user input of the protocol name parameter in the POST request sent to/category project search, which may lead to HTML injection.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Bdtask

Published

2026-01-20

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/html-injection-isshue-bdtask