Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Armorlogic Profense Web应用防火墙多个跨站脚本漏洞
Vulnerability Description
Profense是集成了负载均衡技术的Web应用防火墙。 配置为negative model模式(黑名单)和positive模式(白名单)的Profense Web应用防火墙中存在多个跨站脚本攻击漏洞,远程攻击者可以通过在URL请求中包含修改过的SCRIPT元素结尾标签或%0A(编码的换行符)绕过XSS保护机制,在用户浏览器会话中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A