Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
shannah Xataface Installer install_form.js.php testftp cross site scripting
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Xataface 跨站脚本漏洞
Vulnerability Description
Xataface是Steve Hannah个人开发者的一个在 PHP 和 MySQL 中构建丰富的数据驱动应用程序的框架。 Xataface 2.x及以前版本存在跨站脚本漏洞,该漏洞源于其Installer组件的install/install_form.js.php文件的testftp函数允许攻击者实现跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A