Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CKAN - Stored Cross-Site Scripting (XSS) via SVG File Upload
Vulnerability Description
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Ckan 跨站脚本漏洞
Vulnerability Description
Ckan是一个开源 Dms(数据管理系统)。用于为数据中心和数据门户提供动力。 CKAN 2.9.0到2.9.3版本存在跨站脚本漏洞,攻击者可以通过上传用户头像的SVG文件进行攻击。
CVSS Information
N/A
Vulnerability Type
N/A