Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Teedy - Stored Cross-Site Scripting (XSS) in Tag Name
Vulnerability Description
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Teedy 跨站脚本漏洞
Vulnerability Description
Teedy是法国的一个面向个人和企业的开源、轻量级文档管理系统。 Teedy存在跨站脚本漏洞,该漏洞源于在Teedy中,v1.5到v1.9版本容易受到以已创建标记的名义存储跨站点脚本(XSS)的攻击。由于在编辑标记页中Tag名称没有被正确地消毒,低权限的攻击者可利用该漏洞可以在Tag名称中存储恶意脚本。在最坏的情况下,无意中触发攻击的受害者是具有高度特权的管理员。注入的脚本可以提取Session ID,这可以导致管理员的完全Account接管和权限升级。
CVSS Information
N/A
Vulnerability Type
N/A