Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting in OctoberPotential self-XSS when pasting content from malicious websites
Vulnerability Description
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
October CMS 跨站脚本漏洞
Vulnerability Description
October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统(CMS)。 October 1.0.319及之后版本(已在1.0.467版本中修复)中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
CVSS Information
N/A
Vulnerability Type
N/A