漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Teedy - Stored Cross-Site Scripting (XSS) in Tag Name
Vulnerability Description
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Teedy 跨站脚本漏洞
Vulnerability Description
Teedy是法国的一个面向个人和企业的开源、轻量级文档管理系统。 Teedy存在跨站脚本漏洞,该漏洞源于在Teedy中,v1.5到v1.9版本容易受到以已创建标记的名义存储跨站点脚本(XSS)的攻击。由于在编辑标记页中Tag名称没有被正确地消毒,低权限的攻击者可利用该漏洞可以在Tag名称中存储恶意脚本。在最坏的情况下,无意中触发攻击的受害者是具有高度特权的管理员。注入的脚本可以提取Session ID,这可以导致管理员的完全Account接管和权限升级。
CVSS Information
N/A
Vulnerability Type
N/A