Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS Vulnerability in File Name of the File Upload function
Vulnerability Description
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Crafter CMS 跨站脚本漏洞
Vulnerability Description
Crafter CMS是一套面向数字体验应用程序的开源内容管理系统(CMS)。 Crafter CMS 存在安全漏洞,该漏洞源于具有Site角色的经过身份验证的用户可以通过将在浏览器中为该用户和同一站点的其他用户执行的文件名注入XSS脚本。
CVSS Information
N/A
Vulnerability Type
N/A