Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug that allows a malicious user to inject a javascript: link in the UI. When a victim user clicks the link, the script executes with the victim's permissions. The exposure appears in the Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Weave GitOps Cross-Site Scripting Vulnerability
Vulnerability Description
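Weave GitOps is a simple open-source developer platform from Weaveworks. Weave GitOps Enterprise versions before 0.9.0-rc.5 contain a security vulnerability: a cross-site scripting (XSS) flaw that allows a malicious user to inject a javascript link in the UI. When a victim user clicks it, the script executes with the victim's permissions. The link is displayed in the Weave GitOps Enterprise UI through the GitopsCluster dashboard link, and an annotation can be added to a GitopsCluster custom resource.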
CVSS Information
N/A
Vulnerability Type
N/A