Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)
Vulnerability Description
In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Bottelet Daybyday Crm 跨站脚本漏洞
Vulnerability Description
Bottelet Daybyday Crm是Bottelet个人开发者的一个用于任务、时间、员工、休假管理的建站系统。 Bottelet DayByDay CRM 存在跨站脚本漏洞,该漏洞源于在 DayByDay CRM 中,版本 1.1 到 2.2.1(最新)遭受应用程序范围的客户端模板注入 (CSTI)。 低权限的攻击者可以在应用程序的不同位置输入模板注入有效负载,以在客户端浏览器上执行 JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A