Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JExperts Channel Platform 跨站脚本漏洞
Vulnerability Description
JExperts Channel Platform是巴西JExperts公司的一套软件项目管理平台,它提供战略规划、项目管理、运营和协作等模块。 JExperts Channel Platform 5.0.33_CCB版本中存在跨站脚本漏洞,该漏洞源于程序执行editarUsuario操作时,usuario.do文件没有充分过滤‘usuario.nome’变量;程序执行novoChamado操作时,ticket.do文件没有充分过滤‘titulo.form’变量。远程攻击者可利用该漏洞注入任意Web脚本或
CVSS Information
N/A
Vulnerability Type
N/A