Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
IrisNext 跨站脚本漏洞
Vulnerability Description
IRIS IrisNext是卢森堡IRIS公司的一个文件管理解决方案,旨在管理、保护和使用您公司的信息。 IrisNext存在安全漏洞,该漏洞允许认证(或威胁)用户在应用程序的文件夹文件名中注入恶意JavaScript,以抓取其他用户的会话或在他们的浏览器中执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A