Vulnerability Information
Vulnerability Title
HTML/XSS injection possibilities in Part-DB
Vulnerability Description
Part-DB is an open source inventory management system for your electronic components. User input was not properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts, so it is not possible to execute JavaScript code unless in combination with other vulnerabilities. There are no workarounds; please upgrade to Part-DB 1.0.2 or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
part-db cross-site scripting vulnerability
Vulnerability Description
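part-db is a web-based database for managing electronic components. Versions of part-db before 1.0.2 contain a security vulnerability that stems from user input not being properly escaped; an attacker can exploit this vulnerability to inject arbitrary HTML into pages.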
CVSS Information
N/A
Vulnerability Type
N/A