CNNVD-202601-936 Information
CNNVD ID
CNNVD-202601-936
Related CVE
- CNNVD Published: 2026-01-05
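Description (translated from Chinese)
Vaadin is an open-source platform from Vaadin for web application development. The Vaadin platform includes a set of web components, a Java web framework, and a set of tools and application starters. Vaadin 7.7.49 and earlier, 8.29.1 and earlier, 23.6.5 and earlier, 24.8.13 and earlier, and 24.9.6 and earlier contain a security vulnerability: action captions accept HTML by default but are not sanitized, which may lead to cross-site scripting attacks.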
Description (English)
Vaadin is an open-source platform for web application development, maintained by Vaadin. The Vaadin platform consists of a set of web components, a Java web framework, and a set of tools and application starters. Vaadin 7.7.49 and earlier, 8.29.1 and earlier, 23.6.5 and earlier, 24.8.13 and earlier, and 24.9.6 and earlier contain a security vulnerability. It stems from action captions accepting HTML by default without sanitizing it, which can result in cross-site scripting (XSS).
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Vaadin
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/vaadin/flow-components/pull/8285
https://vaadin.com/security/cve-2025-15022
https://access.redhat.com/security/cve/cve-2025-15022
Patch
https://vaadin.com/security/cve-2025-15022