Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Papermerge 跨站脚本漏洞
Vulnerability Description
Papermerge是德国Papermerge公司的一个基于Django3.1的在线文档管理系统。 Papermerge 1.5.2之前版本存在跨站脚本漏洞,攻击者可利用该漏洞通过重命名、标记、上传或创建文件夹功能注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A