N/A

RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16.

N/A

N/A

RisingStack protect 跨站脚本漏洞

RisingStack protect是一款使用在Node.js中的主动防护模块，它能够防护SQL注入攻击、XSS攻击和暴力破解等攻击行为。 RisingStack protect 1.2.0及之前版本中的lib/rules/xss.js文件的‘isXss()’函数存在跨站脚本漏洞，该漏洞源于程序将危险的跨站脚本字符串验证为安全。远程攻击者可利用该漏洞向Web页面注入恶意的脚本。

N/A

N/A