Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenCats 跨站脚本漏洞
Vulnerability Description
steal是StealJS开源的一个可扩展的通用模块加载器。可以加载以 ES6、AMD 和 CommonJS 格式定义的 JavaScript 模块。 OpenCats 0.9.6版本存在安全漏洞,该漏洞源于输入中和不当,攻击者利用该漏洞可以窃取会话令牌。
CVSS Information
N/A
Vulnerability Type
N/A