Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TrueConf Server Reflected cross site scripting
Vulnerability Description
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
TrueConf Server 跨站脚本漏洞
Vulnerability Description
TrueConf Server是俄罗斯TrueConf公司的一种自托管和安全的视频协作平台。 TrueConf Server 4.3.7版本存在安全漏洞,该漏洞源于文件 /admin/conferences/get-all-status/ 的未知代码, 参数 keys 的操作导致基本的跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A