漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cross-site Scripting in Weblate
Vulnerability Description
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Weblate 跨站脚本漏洞
Vulnerability Description
Weblate是一个 Copyleft 的基于 web 的自由软件持续本地化系统。 Weblate存在跨站脚本漏洞,该漏洞源于4.11之前的版本没有正确地中和用户名和语言字段中使用的用户输入。由于这种不适当的中和,可能会通过这些字段执行跨站点脚本编写。
CVSS Information
N/A
Vulnerability Type
N/A