Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
OpenWrt LuCI 跨站脚本漏洞
Vulnerability Description
OpenWrt LuCI是一款用于OpenWrt(Linux发行版)的图形化配置界面。 OpenWrt LuCI 22.10_b202303061504及之前版本存在跨站脚本漏洞,该漏洞源于容易受到跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A