Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
Vulnerability Description
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Single Sign On Client 跨站脚本漏洞
Vulnerability Description
Single Sign On Client是Decentraland开源的一个单点登录客户端。 Single Sign On Client 0.1.0之前版本存在跨站脚本漏洞,该漏洞源于不正确输入验证,允许执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A