Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Huntflow Enterprise 信息泄露漏洞
Vulnerability Description
Huntflow Enterprise是俄罗斯Huntflow公司的一个高效招聘软件。 Huntflow Enterprise 存在信息泄露漏洞,该漏洞源于登录页面中的信息泄露漏洞可能允许未经身份验证的远程用户获取有关已配置 LDAP 服务器域名的信息。 攻击者可以通过请求登录页面并在 HTML 源代码中搜索“isLdap”JavaScript 参数来利用此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A