Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rhacs: cross-site scripting in portal
Vulnerability Description
A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Red Hat Advanced Cluster Management 跨站脚本漏洞
Vulnerability Description
Red Hat Advanced Cluster Management是美国红帽(Red Hat)公司的一个控制台集群控制软件。 Red Hat Advanced Cluster Management存在跨站脚本漏洞,该漏洞源于在门户中呈现表视图时,前端会生成一个 DOM 表元素,然后使用 innerHTML 填充数据。由于呈现的数据可以被控制,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A