Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sage DPW 代码问题漏洞
Vulnerability Description
Sage DPW是德国sage的一个人力资源系统。 Sage DPW 2020 06 000版本和2020 06 001版本存在安全漏洞,该漏洞源于遭受跨站点脚本和未经认证的恶意文件上传漏洞。
CVSS Information
N/A
Vulnerability Type
N/A