Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lorensbergs Connect2 跨站脚本漏洞
Vulnerability Description
Lorensbergs Connect2是英国Lorensbergs公司的一个所有大学校园资源、活动和学生服务的一站式预订软件解决方案。 Lorensbergs Connect2 3.13.7647.20190版本存在跨站脚本漏洞,该漏洞源于向导编辑器中对于“页面标题”、“页面说明”、“文本之前”、“文本之后”或“文本在旁边”缺少有效的过滤和转义。
CVSS Information
N/A
Vulnerability Type
N/A