Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Varnish HTTP Accelerator Integration模块脚本插入漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中的Varnish HTTP Accelerator Integration模块6.x-1.2之前的6.x-1.x版本中存在脚本插入漏洞,该漏洞源于与配置设置相关的某些输入使用之前程序没有正确验证。攻击者利用该漏洞查看恶意数据时,在受影响站点上下文中用户浏览器会话上插入任意HTML和脚本代码。成功的利用需要‘Administer Varnish’权限。
CVSS Information
N/A
Vulnerability Type
N/A