CNNVD-202601-947 Information
CNNVD ID
CNNVD-202601-947
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
wangmarket是中国xnx3个人开发者的一个私有化部署自己的 SAAS 云建站系统。 wangmarket 4.9及之前版本存在代码注入漏洞,该漏洞源于对组件Backend Variable Search的文件/admin/system/variableList.do中函数variableList的参数Description的错误操作,可能导致跨站脚本攻击。
Description (English)
Wangmarket is a privatized xx3 individual developer in China that deploys its own SAAS cloud station system. There is a code-infusion loophole in Wangmarket 4.9 and earlier versions, which results from a mishandling of the parameters of the variableList function in the file/admin/system/variableList.do of component Backend Variable Sach, which may result in a cross-stop script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2026-01-05
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.339485 https://vuldb.com/?id.339485 https://www.yuque.com/cocount-eveo/lu0220/flbu025pfmwgudmg?singleDoc https://vuldb.com/?submit.724840 https://access.redhat.com/security/cve/cve-2025-15452
Patch
https://www.wang.market/down.html
Share on: