Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
Vulnerability Description
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
PlantUML 跨站脚本漏洞
Vulnerability Description
PlantUML是一个允许快速编写的组件。用于从文本描述生成图表。 PlantUML 1.2022.4 之前版本存在跨站脚本漏洞,该漏洞源于可以在图表中嵌入 SVG 图像。
CVSS Information
N/A
Vulnerability Type
N/A