Vulnerability Information
Vulnerability Title
XSS in OpenSlides
Vulnerability Description
OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. Due to insufficient user input validation and escaping, OpenSlides version 3.2 is vulnerable to persistent cross-site scripting (XSS). In the web application, users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript code that will be executed when other users read the respective text. An attacker could use this vulnerability to manipulate votes of other users, hijack the moderator's session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 (in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
Improper escaping of input during web page generation (Cross-site Scripting)
Vulnerability Title
Openslide cross-site scripting vulnerability
Vulnerability Description
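Openslide is a C-based code library from the Openslide organization for reading slide files. The software supports reading files in formats such as svs, tif, vms, vmu, ndpi, scn, mrxs, tiff, svslide, tif, bif, tif. OpenSlides has a cross-site scripting vulnerability that stems from insufficient user input validation and escaping. In the web application, users can enter rich text in various places, and an attacker can exploit this vulnerability to manipulate other users' votes,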
CVSS Information
N/A
Vulnerability Type
N/A