关键信息总结 Security ID: QSA-25-42 Title: Multiple Vulnerabilities in QuLog Center Release date: November 8, 2025 CVE Identifiers: CVE-2025-54168, CVE-2025-58469 Affected products: QuLog Center 1.8.x Severity: Moderate Status: Resolved Summary of Vulnerabilities CVE-2025-54168: Cross-site scripting (XSS) vulnerability. This could allow exploitation of the administrator account to bypass security mechanisms or read application data. CVE-2025-58469: Cross-site request forgery (CSRF) vulnerability which could allow a remote attacker to gain privileges or hijack user identities. Fixed Version Recommendation We recommend updating QuLog Center to the latest version. Updating Steps 1. Log on as an administrator to the QTS. 2. Access the App Center and locate QuLog Center. 3. Execute the update steps provided. Additional Information Vulnerabilities data available in attachment JSON files. Acknowledgements given to the researchers.