Vulnerability Information
Vulnerability Title
Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS
Vulnerability Description
The bulletin function of Flygo does not filter special characters when a new announcement is added. Remote attackers with a general user's credentials can exploit the vulnerability to inject JavaScript and execute stored XSS attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper escaping of input during web page generation (cross-site scripting)
Vulnerability Title
Larvata Flygo cross-site scripting vulnerability
Vulnerability Description
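Larvata Flygo is an attendance clock-in application from Larvata, a company in Taiwan. Larvata Flygo has a cross-site scripting vulnerability, which stems from the Flygo bulletin function not filtering special characters when a new announcement is added. Remote attackers can use this vulnerability, together with an ordinary user's credentials, to inject JavaScript and execute stored XSS attacks.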
CVSS Information
N/A
Vulnerability Type
N/A