Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
QtWeb 3.0 Builds 001 and 003 do not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QtWeb cross-site scripting vulnerability
Vulnerability Description
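QtWeb 3.0 Builds 001 and 003 do not properly block javascript: URIs and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting attacks via certain vectors. These vectors involve (1) injecting a Refresh header that contains a javascript: URI, or (2) entering a javascript: URI when specifying the content of a Refresh header, or (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) when specifying the content of a Refresh header, entering, with JavaScript sequences, a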
CVSS Information
N/A
Vulnerability Type
N/A
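Added example (not part of the original record and not QtWeb code): a check that a proxy, test harness or server-side filter could apply to the Refresh and Location response headers named in the description, flagging any redirect target whose scheme is outside an allowlist. The function names, the http/https allowlist and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption for this example: only these schemes may be a redirect target.
ALLOWED_SCHEMES = {"http", "https"}
# Refresh value shape: optional delay, optional ';' or ',', optional 'url='.
_REFRESH = re.compile(r"^\s*[\d.]*\s*(?:[;,]\s*)?(?:url\s*=\s*)?(.*)$", re.I | re.S)
# Leading C0 control characters and spaces are ignored by URL parsers.
_LEADING = "".join(map(chr, range(0x21)))


def refresh_target(value):
    """Return the URL part of a Refresh header value such as '0; url=...'."""
    target = _REFRESH.match(value).group(1).strip()
    if len(target) >= 2 and target[0] == target[-1] and target[0] in "'\"":
        target = target[1:-1]  # drop matching surrounding quotes
    return target


def scheme_of(target):
    """Lower-cased scheme of the target, or '' for a relative reference."""
    # Tabs and newlines inside a URL are dropped before the scheme is read.
    cleaned = re.sub(r"[\t\r\n]", "", target).lstrip(_LEADING)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""


def risky_redirects(headers):
    """Return (header name, scheme) pairs whose scheme is not allowlisted."""
    findings = []
    for name, value in headers:
        if name.lower() == "refresh":
            target = refresh_target(value)
        elif name.lower() == "location":
            target = value.strip()
        else:
            continue
        scheme = scheme_of(target)
        if scheme and scheme not in ALLOWED_SCHEMES:
            findings.append((name, scheme))
    return findings


# Constructed sample response headers (not captured traffic).
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Refresh", "0; url=javascript:void(0)"),
    ("Refresh", "0;URL='data:text/html,<p>constructed</p>'"),
    ("Location", " Data:text/html,<p>constructed</p>"),
    ("Refresh", "5; url=https://example.test/next"),
    ("Location", "/login"),
]

if __name__ == "__main__":
    print(risky_redirects(SAMPLE))
```

An allowlist is used rather than a blocklist of javascript: and data: so that other non-navigational schemes are also rejected.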