Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS via attribute in convos
Vulnerability Description
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Nordaaker Convos 跨站脚本漏洞
Vulnerability Description
Nordaaker Convos是挪威Nordaaker公司的一款基于Web浏览器的开源多用户聊天应用程序。 Nordaaker Convos存在跨站脚本漏洞,该漏洞源于软件对于聊天窗口中的标签括号引号缺少有效的过滤和转义,导致存储型跨站脚本漏洞。通过该漏洞,攻击者能够执行恶意脚本。
CVSS Information
N/A
Vulnerability Type
N/A