CNNVD-202602-1940 Information
Feb 11, 2026
cve
CNNVD ID
CNNVD-202602-1940
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
Phraseanet是Alchemy开源的一个数字资产管理系统。 Phraseanet 4.0.3版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致上传特制文件名时注入恶意脚本,窃取cookie或重定向用户。
Description (English)
Pharaseenet is an open source digital asset management system for Alchemy. Phrasenet version 4.0.3 contains a cross-site script loophole, which originates in a storage-type cross-site script and may lead to the introduction of malicious scripts, the theft of cookies or the re-direction of users when ad hoc filenames are uploaded.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Alchemy
Published
2026-02-11
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/46935 https://www.phraseanet.com https://www.phraseanet.com/en/download/ https://www.vulncheck.com/advisories/phraseanet-stored-xss-via-document-upload
Patch
https://www.phraseanet.com/en/download/
Share on: