CNNVD-202602-1824 Information

CNNVD ID

CNNVD-202602-1824

Related CVE

CVE-2026-25935

• CNNVD Published: 2026-02-11

Description (Chinese)

Vikunja是Vikunja开源的一个待办事项应用程序。 Vikunja 1.1.0之前版本存在安全漏洞，该漏洞源于TaskGlanceTooltip.vue中缺少转义，可能导致恶意用户通过悬停触发跨站脚本。

Description (English)

Vikunja is a to-do application from the Vikunja Open Source. There was a security loophole in the pre-Vikunja 1.1.0 version, which stemmed from a lack of transposition in TaskGlanceTooltip.vue, which could lead to malicious users triggering a cross-site script through suspension.

Vulnerability Type

其他

Affected Vendor

Vikunja

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/go-vikunja/vikunja/commit/dd0b82f00a8c9ded1c19a1e643a197c514be6d37 https://github.com/go-vikunja/vikunja/releases/tag/v1.1.0 https://github.com/go-vikunja/vikunja/security/advisories/GHSA-m4g2-2q66-vc9v https://vikunja.io/changelog/vikunja-v1.1.0-was-released

Patch

https://vikunja.io/docs/installing/