Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vera VeraEdge和Veralite 安全漏洞
Vulnerability Description
Vera VeraEdge 1.7.19版本和Veralite 1.7.481版本中存在安全漏洞,该漏洞源于程序没有对‘RedirectURL’参数执行严格的输入验证。攻击者可利用该漏洞在应用程序上执行客户端脚本。
CVSS Information
N/A
Vulnerability Type
N/A