CNNVD-202601-949 Information

CNNVD ID

CNNVD-202601-949

CVE-2025-15454

  • CNNVD Published: 2026-01-05

Description (Chinese)

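Lettura is an RSS reader by the individual developer zhanglun. Lettura 0.1.22 and earlier versions contain a code injection vulnerability, which stems from improper handling in the file src/components/ArticleView/ContentRender.tsx of the RSS Handler component and may lead to cross-site scripting attacks.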

Description (English)

Lettura is an RSS reader developed by the individual developer zhanglun. A code injection vulnerability exists in Lettura 0.1.22 and earlier versions. It results from improper handling in the file src/components/ArticleView/ContentRender.tsx of the RSS Handler component, and may result in a cross-site scripting attack.

Hazard Level

Critical

Vulnerability Type

Code injection

Affected Vendor

Individual developer

Published

2026-01-05

Last Modified

2026-02-24

References

  • https://vuldb.com/?id.339487
  • https://github.com/zhanglun/lettura/commit/67213093db9923e828a6e3fd8696a998c85da2d4
  • https://vuldb.com/?ctiid.339487
  • https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3
  • https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3#proof-of-concept
  • https://vuldb.com/?submit.725038
  • https://access.redhat.com/security/cve/cve-2025-15454
