Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Orca Browser跨站脚本攻击漏洞
Vulnerability Description
Orca Browser 1.2 build 5没有在HTTP响应中正确的拦截刷新眉首和location头中的数据:URIs,远程攻击者可以借助一些向量,执行跨站脚本攻击。这些向量涉及注入一个包含data:text/html URI中的JavaScript序列的刷新头或在详细说明刷新头的内容时,借助JavaScript序列输入一个data:text/html URI,或注入一个包含data:text/html URI中的JavaScript序列的刷新头,或在详细说明刷新头的内容时,借助JavaScript
CVSS Information
N/A
Vulnerability Type
N/A