CNNVD-202601-5023 Information

CNNVD ID

CNNVD-202601-5023

Related CVE

CVE-2026-25154

• CNNVD Published: 2026-01-30

Description (Chinese)

LocalSend是LocalSend开源的一个 AirDrop 的开源跨平台替代方案。 LocalSend 1.17.0及之前版本存在跨站脚本漏洞，该漏洞源于Web界面客户端逻辑存在跨站脚本风险，可能导致恶意文件列表HTML执行攻击。

Description (English)

LocalSend is an open source cross-platform alternative for AirDrop, a LocalSend open source. There is a cross-site script loophole in the LocalSend 1.17.0 and earlier versions, which stems from the risk of a cross-site script from the web interface client logic, which could lead to an attack on the malicious file list HTML.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

LocalSend

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/localsend/localsend/commit/8f3cec85aa29b2b13fed9b2f8e499e1ac9b0504c https://github.com/localsend/localsend/security/advisories/GHSA-34v6-52hh-x4r4 https://access.redhat.com/security/cve/cve-2026-25154