Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XSS vulnerability in @backstage/plugin-auth-backend
Vulnerability Description
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
backstage 跨站脚本漏洞
Vulnerability Description
backstage是一个应用软件。后台是一个开放的平台,用于构建开发者门户 Backstage 存在跨站脚本漏洞,该漏洞源于在受影响的版本中,auth-backend插件缺少针对URL参数的过滤与转义。这种攻击可能允许攻击者可利用该漏洞从用户的浏览器中窃取访问令牌或其他秘密。
CVSS Information
N/A
Vulnerability Type
N/A