Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Script.aculo.us架构JSON JavaScript劫持信息泄露漏洞
Vulnerability Description
Script.aculo.us架构在没有开启保护机制的情况下,使用JavaScript Object Notation (JSON)来交换数据,存在敏感信息泄露漏洞。远程攻击者可以借助网页来获得数据。该网页可以通过SCRIPT元素的SRC属性中的URL来恢复数据,并且可以通过使用其他JavaScript代码,记录数据。又称"JavaScript劫持"。
CVSS Information
N/A
Vulnerability Type
N/A