Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Privoxy 跨站脚本漏洞
Vulnerability Description
Privoxy是美国Privoxy团队的一款不进行网页缓存且自带过滤功能的代理服务器。它具有高级过滤功能,可增强隐私,修改网页数据和HTTP标头,控制访问以及删除广告和其他令人讨厌的Internet垃圾。Privoxy具有灵活的配置,可以根据个人需要进行定制。它适用于独立系统和多用户网络。 Privoxy存在跨站脚本漏洞,该漏洞源于对模板名称中用户提供的数据的清理不足。攻击者可利用该漏洞诱使受害者点击精心编制的链接,并在用户浏览器中执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A