Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Black Duck Hub 跨站脚本漏洞
Vulnerability Description
SYNOPSYS Black Duck Hub(Open Hub)是美国SYNOPSYS公司的一个网络社区平台。提供 Web 服务套件。 Black Duck Hub 存在跨站脚本漏洞,该漏洞源于在帮助文档中嵌入的 MadCap Flare框架对用户输入缺乏正确的验证。攻击者可以通过诱使用户单击恶意输入到界面的链接来利用此漏洞进行跨站点脚本攻击并获得对基于浏览器的敏感信息的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A