CVE-2025-45236
Published
CVSS v3
5.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
DBSyncer(简称dbs)是一款开源的数据同步中间件,提供MySQL、Oracle、SqlServer、PostgreSQL、Elasticsearch(ES)、Kafka、File、SQL等同步场景。支持上传插件自定义同步转换业务,提供监控全量和增量数据统计图、应用性能预警等。
GitHub