Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
elinicksic Razgover Chat Message send.php cross site scripting
Vulnerability Description
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The name of the patch is 995dd89d0e3ec5522966724be23a5d58ca1bdac3. Applying a patch is advised to resolve this issue. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Razgover 代码注入漏洞
Vulnerability Description
Razgover是Eli Nicksic个人开发者的一个在线消息应用程序。 Razgover存在代码注入漏洞,该漏洞源于对文件Chattify/send.php中参数msg的错误操作,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A