Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CTparental 跨站脚本漏洞
Vulnerability Description
CTparental是一个过滤网页内容的工具。可以使用黑名单或白名单过滤不当内容,可以控制浏览互联网的时间和控制设备的活跃时间。 CTparental存在跨站脚本漏洞,该漏洞源于在 bl_categires_help.php 中,categories 变量被分配了查询字符串参数 cat 的内容,没有经过清理或编码,使攻击者能够将恶意代码注入输出网页。
CVSS Information
N/A
Vulnerability Type
N/A