CNNVD-202602-1299 Information

CNNVD ID

CNNVD-202602-1299

Related CVE

CVE-2026-25491

• CNNVD Published: 2026-02-09

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-RC1版本至5.8.21版本存在跨站脚本漏洞，该漏洞源于条目类型名称未清理，可能导致存储型跨站脚本攻击。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS version 5.0.0-RC1 to version 5.8.21 contains a cross-site script loophole, which results from the uncleaned name of the entry type, which may result in a storage-type cross-site script attack.

Vulnerability Type

跨站脚本

Affected Vendor

Craft CMS

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/commit/cfd6ba0e2ce1a59a02d75cae6558c4ace1ab8bd4 https://github.com/craftcms/cms/releases/tag/5.8.22 https://github.com/craftcms/cms/security/advisories/GHSA-7pr4-wx9w-mqwr

Patch

https://github.com/craftcms/cms/releases