Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
csaf_distribution 跨站脚本漏洞
Vulnerability Description
csaf_distribution是csaf-poc开源的一组 csaf 工具。 csaf_distribution csaf_provider 0.8.2之前的版本存在安全漏洞,该漏洞源于其允许攻击者通过一个精心制作的CSAF文档上传为text/html实现跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A