Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters
Vulnerability Description
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
RSSHub 跨站脚本漏洞
Vulnerability Description
RSSHub是由Node.js编写的RSS源生成器,在MIT许可证下发行,由DIYgod及其他GitHub用户维护。 RSSHub存在跨站脚本漏洞。攻击者利用该漏洞执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A