Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
nooba -core 跨站脚本漏洞
Vulnerability Description
noobaa-core是应用软件提供具有灵活分层、镜像和分布放置策略的 S3 对象存储接口,适用于任何允许 GET/PUT 的存储资源,包括 S3、GCS、Azure Blob、文件系统等。 nooba -core存在跨站脚本漏洞,该漏洞源于输入在应用程序响应中不加修改地发出,导致将任意JavaScript注入到应用程序的响应中。。攻击者可利用该漏洞执行客户端代码。
CVSS Information
N/A
Vulnerability Type
N/A