Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SysJust CTS Web - Reflected XSS
Vulnerability Description
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CTS Web transaction system 跨站脚本漏洞
Vulnerability Description
嘉实资讯 CTS Web transaction system是台湾嘉实资讯公司的一款CTS Web 交易系統。 CTS Web transaction system 中存在跨站脚本漏洞,该漏洞源于该交易系统的具体功能参数不过滤特殊字符。攻击者在不经过身份认证的前提下可利用该漏洞可以远程执行反射跨站,获取触发攻击的用户连接令牌。
CVSS Information
N/A
Vulnerability Type
N/A