Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
smashing 跨站脚本漏洞
Vulnerability Description
smashing是一个应用软件。一个基于 Sinatra 的框架。 Smashing 1.3.4存在跨站脚本漏洞,该漏洞源于可以为小部件制作一个URL,并用于在受害者的计算机上执行JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A