Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Liquidfiles 跨站脚本漏洞
Vulnerability Description
Liquidfiles Liquidfiles是美国Liquidfiles公司的一个用于公司和组织的大型安全文件传输和共享的存储服务。 LiquidFiles 3.4.15 存在跨站脚本漏洞,该漏洞源于如果文件没有扩展名,并且包含恶意的HTML JavaScript,则在单击时执行有效负载。
CVSS Information
N/A
Vulnerability Type
N/A