Vulnerability Information
Vulnerability Title
Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
Vulnerability Description
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code into the definition of a Threat Intelligence rule. The code is stored and can later be executed when another legitimate user views the details of that rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents of Yara rules, while limited HTML injection has been proven for packet and STYX rules.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Nozomi Networks Guardian cross-site scripting vulnerability
Vulnerability Description
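Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, a US company. Nozomi Networks Guardian contains a security vulnerability that arises because an authenticated attacker with administrator access can inject malicious JavaScript code into the definition of a threat intelligence rule.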
CVSS Information
N/A
Vulnerability Type
N/A