Vulnerability Information
Vulnerability Title
XSS vulnerability, e.g. for String properties.
Vulnerability Description
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter JavaScript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)
Vulnerability Title
Apache Isis Cross-Site Scripting Vulnerability
Vulnerability Description
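Apache Isis is a framework from the Apache Software Foundation (USA) for rapidly developing domain-driven applications in Java. Versions of Apache Isis prior to 2.0.0-M9 contain a cross-site scripting vulnerability, which arises because an end user can set the value of an editable string property of a domain object to a value that is rendered unchanged when the value is saved. An end user can also enter JavaScript or similar code, which is then executed.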
CVSS Information
N/A
Vulnerability Type
N/A