漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
DOM based XSS Vulnerability in Apache Knox
Vulnerability Description
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Apache Knox SSO 跨站脚本漏洞
Vulnerability Description
Knox Sso是美国阿帕奇(Apache)基金会的用于为您的集群提供 Web Ui Sso(单点登录)功能。 Apache Knox SSO 存在安全漏洞,该漏洞源于 URL 解析不正确,可能会制作请求以将用户重定向到恶意页面。 包含特制请求参数的请求可用于将用户重定向到攻击者控制的页面。 此 URL 需要通过 XSS 或网络钓鱼活动在正常请求流之外呈现给用户。
CVSS Information
N/A
Vulnerability Type
N/A