Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RiyaLab Co., Ltd. CloudISO - Stored XSS
Vulnerability Description
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
瑞研科技 CloudISO 跨站脚本漏洞
Vulnerability Description
瑞研科技CloudISO是中国瑞研科技公司的一个应用系统。一个文件管制系统。 瑞研科技CloudISO 存在跨站脚本漏洞。该漏洞源于程序未正确过滤时间管理页面特定字段中的特殊字符,攻击者可以注入恶意JavaScript并执行存储的XSS攻击。
CVSS Information
N/A
Vulnerability Type
N/A