漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.
漏洞信息
N/A
漏洞
N/A
漏洞
qtweb 跨站脚本攻击漏洞
漏洞信息
QtWeb 3.0 Builds 001和003没有在HTTP响应中正确的拦截刷新眉首和location头中的javascript:URIs和数据:URIs,这使得远程攻击者可以借助一些向量,执行跨站脚本攻击。这些向量涉及(1)注入一个包含javascript:URI的刷新头或(2)在详细说明刷新头的内容时,输入一个javascript:URI,或(3)注入一个包含data:text/html URI中的JavaScript序列的刷新头,(4)在详细说明刷新头的内容时,借助JavaScript序列输入一个
漏洞信息
N/A
漏洞
N/A