Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Serenity Serene 跨站脚本漏洞
Vulnerability Description
Serenity Serene是serenity开源的是一个 ASP.NET Core / TypeScript 应用程序平台。 Serenity Serene(StartSharp)6.7.0之前版本存在安全漏洞,该漏洞源于当用户上传临时文件时,某些特定的文件后缀是不允许的,但可以上传包含 XSS 负载的 .html 或 .htm 文件。
CVSS Information
N/A
Vulnerability Type
N/A