Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4
Vulnerability Description
An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.
CVSS Information
N/A
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
VINCE 跨站脚本漏洞
Vulnerability Description
VINCE是美国CERT Coordination Center开源的一个 CERT 协调中心开发和使用的漏洞信息和协调环境。用于改进协调的漏洞披露。 CERT Coordination Center VINCE 1.50.4之前版本存在跨站脚本漏洞,该漏洞源于存在HTML 注入,攻击者利用该漏洞可以通过在主题字段中包含 HTML 内容的精心制作的电子邮件注入任意 HTML。
CVSS Information
N/A
Vulnerability Type
N/A