Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality
Vulnerability Description
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s browser when they enter the crafted URL. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, by an unauthenticated attacker.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Teedy 跨站脚本漏洞
Vulnerability Description
Teedy是法国的一个面向个人和企业的开源、轻量级文档管理系统。 Teedy存在跨站脚本漏洞,该漏洞源于在Teedy中,v1.5到v1.9版本容易受到以已创建标记的名义存储跨站点脚本(XSS)的攻击。由于在编辑标记页中Tag名称没有被正确地消毒,低权限的攻击者可利用该漏洞可以在Tag名称中存储恶意脚本。在最坏的情况下,无意中触发攻击的受害者是具有高度特权的管理员。注入的脚本可以提取Session ID,这可以导致管理员的完全Account接管和权限升级。
CVSS Information
N/A
Vulnerability Type
N/A