Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html content and (2) rich_editor fields. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DaDaBIK跨站脚本攻击漏洞
Vulnerability Description
DaDaBIK 是一个 PHP 应用,可轻松创建一个高可定制的数据库的Web前端,可对数据进行搜索、增删改操作;仅需要提供一些很简单的配置信息,支持的数据库包括 MySQL、PostgreSQL、Oracle 和 SQL Server ,支持多语言。 DaDaBIK 4.3 beta3版本,当运行在大小写敏感的环境中时,不能包含htmLawed库。远程攻击者可以借助(1)html内容以及(2)rich_editor域绕过针对CVE-2010-4355的保护机制以及进行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A