Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quaonos Schema ST4 example templates prone to XSS
Vulnerability Description
Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is '*-schema.js'.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Bootstrap 跨站脚本漏洞
Vulnerability Description
Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。 Bootstrap 2019 v2版本、2021 v1版本、2022 v1版本、2022 SP1 v1版本及之前版本存在跨站脚本漏洞,该漏洞源于Quanos“SCHEMA ST4”示例web模板容易被JavaScript注入。
CVSS Information
N/A
Vulnerability Type
N/A