Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary Javascript. that can result in Arbitrary JavaScript code execution. This attack appear to be exploitable via The victim must interact with component on page witch contains injected JavaScript code.. This vulnerability appears to have been fixed in v14.10.1, v15.01.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Galaxy server 跨站脚本漏洞
Vulnerability Description
Galaxy是一套用于访问、重现和分析生物医学的基于Web的开源系统。Galaxy server是其中的一个服务器。 Galaxy 14.10版本中的Galaxy server的多个模板存在跨站脚本漏洞,该漏洞源于程序没有正确的过滤用户的输入。远程攻击者可通过创建URL利用该漏洞执行任意的Javascript代码。
CVSS Information
N/A
Vulnerability Type
N/A