Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Several stored XSS
Vulnerability Description
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Galette 跨站脚本漏洞
Vulnerability Description
Galette是开源的一个面向非营利组织的会员管理网络应用程序。 Galette 0.9.5 之前版本存在跨站脚本漏洞,攻击者可以存储恶意javascript代码并在自订阅页面上显示。
CVSS Information
N/A
Vulnerability Type
N/A