CNNVD-202601-948 Information
CNNVD ID
CNNVD-202601-948
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
wangmarket是中国xnx3个人开发者的一个私有化部署自己的 SAAS 云建站系统。 wangmarket 4.9及之前版本存在代码注入漏洞,该漏洞源于对组件System Variables Page的文件/admin/system/variableSave.do中参数Description的错误操作,可能导致跨站脚本攻击。
Description (English)
Wangmarket is a privatized xx3 individual developer in China that deploys its own SAAS cloud station system. There is a code-infusion loophole in Wangmarket 4.9 and previous versions, which stems from the error of the parameter Description in the System Variables Page file/admin/system/variableSave.do, which may result in a cross-site script attack.
Hazard Level
Critical
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2026-01-05
Last Modified
2026-02-24
References
https://www.yuque.com/cocount-eveo/lu0220/eg6s9gropfwtoz9w?singleDoc https://vuldb.com/?ctiid.339484 https://vuldb.com/?submit.724838 https://vuldb.com/?id.339484 https://access.redhat.com/security/cve/cve-2025-15451
Patch
https://www.wang.market/down.html
Share on: