Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title
Vulnerability Description
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Daybyday CRM 跨站脚本漏洞
Vulnerability Description
Bottelet Daybyday Crm是Bottelet个人开发者的一个用于任务、时间、员工、休假管理的建站系统。 Daybyday CRM 中存在跨站脚本漏洞,该漏洞源于产品新任务的标题字段未对用户输入数据做有效验证。攻击者可通过诱导用户打开任务页面查看所有任务时触发该漏洞导致客户端代码执行。 以下产品及版本受到影响:Daybyday CRM 2.2.0 版本。
CVSS Information
N/A
Vulnerability Type
N/A