Vulnerability Information
Vulnerability Title
XSS Injection in Media Collection Title was possible
Vulnerability Description
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, a logged-in admin user can inject a script (cross-site scripting) into the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
SULU Sulu Cross-Site Scripting Vulnerability
Vulnerability Description
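SULU Sulu is an extensible, open-source, PHP-based content management system built on the Symfony framework, from the Austrian company Sulu (SULU). A cross-site scripting vulnerability exists in Sulu. It stems from the collection title not performing security validation of user-supplied input; after logging in to an admin account, an attacker can enter a malicious script to cause code execution on the victim's side. The following products and versions are affected: Sulu versions prior to 1.6.41.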
CVSS Information
N/A
Vulnerability Type
N/A