Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
backbone.js 跨站脚本漏洞
Vulnerability Description
backbone.js是开源的一套JavaScript框架与RESTful JSON的应用程序接口。也是一套大致上符合MVC架构的编程范型。Backbone.js以轻量为特色,只需依赖一套Javascript 库即可运行。常被用来开发单页的互联网应用程序,以及用来维护网络应用程序的各种部分的同步。 backbone.js 0.3.3及之前版本中的‘Model#Escape’函数存在跨站脚本漏洞,该漏洞源于用于编码元字符的正则表达式没有将XML实体(例如:<)考虑在内。远程攻击者可利用该漏洞注入任意的Web
CVSS Information
N/A
Vulnerability Type
N/A