Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)
Vulnerability Description
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Sysaid Technologies Sysaid 跨站脚本漏洞
Vulnerability Description
Sysaid Technologies SysAid是以色列Sysaid Technologies公司的一套IT服务管理解决方案。 Sysaid Technologies Sysaid 14.2.0版本存在跨站脚本漏洞,该漏洞源于页面 /help/treecontent.jsp 使用的参数 helpPageName 缺少过滤和转义。攻击者可能会利用该漏洞在受害者用户的浏览器会话中访问敏感信息或执行客户端代码。
CVSS Information
N/A
Vulnerability Type
N/A