Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nunjucks autoescape bypass leads to cross site scripting
Vulnerability Description
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Nunjucks 安全漏洞
Vulnerability Description
Nunjucks是Mozilla基金会的一款功能齐全的 JavaScript 模板引擎。 Nunjucks v3.2.4之前版本存在安全漏洞,该漏洞源于可以绕过自动转义功能提供的限制,攻击者可以使用反斜杠字符注入跨站脚本载荷。
CVSS Information
N/A
Vulnerability Type
N/A