Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Change Request Application vulnerable to XSS and remote code execution through change request title
Vulnerability Description
Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It's possible to workaround the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Change Request 跨站脚本漏洞
Vulnerability Description
Change Request是XWiki Contrib开源的一个库。 Change Request 存在跨站脚本漏洞,该漏洞源于没有任何特定权限的用户只需在创建新的变更请求时插入适当的标题即可执行脚本注入和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A