漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Vulnerability Description
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
Web页面属性中脚本转义处理不恰当
Vulnerability Title
XWiki Platform 跨站脚本漏洞
Vulnerability Description
XWiki Platform是法国XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 14.6-rc-1 之前版本存在安全漏洞,该漏洞源于HTML 呈现不检查危险属性/属性值,导致通过属性和链接 URL 可以进行跨站脚本 (XSS) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A