Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NukeViet CMS Data URL Request.php filterAttr cross site scripting
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
对消息或数据结构的处理不恰当
Vulnerability Title
Vinades NukeViet 安全漏洞
Vulnerability Description
Vinades NukeViet是越南Vinades公司的一套开源的内容管理系统(CMS)。 Vinades NukeViet CMS存在安全漏洞,该漏洞源于Data URL Handler组件的vendor/vinades/nukeviet/Core/Request.php文件中的filterAttr函数受到影响,对参数attrSubSet的操作会导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A