CNNVD-202601-3938 Information

CNNVD ID

CNNVD-202601-3938

Related CVE

CVE-2026-24127

• CNNVD Published: 2026-01-23

Description (Chinese)

Typemill是Typemill开源的一款适用于微出版商的轻量级平面文件 cms。 Typemill 2.19.1及之前版本存在安全漏洞，该漏洞源于登录错误视图模板中用户名值缺少上下文编码，可能导致反射型跨站脚本攻击。

Description (English)

Typemill is a lightweight flat-level file, cms, for micro publishers. There is a security loophole in Typemill 2.19.1 and earlier versions, which stems from the lack of context code for the user name in the login error view template, which may result in a cross-station scrip attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Typemill

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/typemill/typemill/commit/b506acd11e80fb9c8db5fa6c2c8ad73580b4e88c https://github.com/typemill/typemill/security/advisories/GHSA-65x4-pjhj-r8wr https://github.com/typemill/typemill/releases/tag/v2.19.2 https://access.redhat.com/security/cve/cve-2026-24127

Patch

https://typemill.net/