Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Facebook HHVM‘WddxPacket::recursiveAddVar’跨站脚本漏洞
Vulnerability Description
Facebook HHVM(又名HipHop Virtual Machine)是美国Facebook公司的一款能够显著提高PHP加载动态页面性能的虚拟机。 Facebook HHVM 3.5.0之前版本的‘WddxPacket::recursiveAddVar’函数中存在跨站脚本漏洞,该漏洞源于‘wddx_serialize_value’函数没有充分过滤特制的字符串。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A