Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Liquidfiles 跨站脚本漏洞
Vulnerability Description
Liquidfiles Liquidfiles是美国Liquidfiles公司的一个用于公司和组织的大型安全文件传输和共享的存储服务。 LiquidFiles 3.3.19 之前版本存在跨站脚本漏洞,该漏洞源于当-htmlvie URL被直接访问时,作为附件上传到平台的HTML文件的不安全呈现引起了这个问题。影响范围从作为root用户在服务器上执行命令到检索有关加密电子邮件的敏感信息(取决于目标用户的权限)。
CVSS Information
N/A
Vulnerability Type
N/A