Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected Cross-site Scripting Vulnerability in dpaste
Vulnerability Description
dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
dpaste 跨站脚本漏洞
Vulnerability Description
dpaste是一个使用Django框架编写的Pastebin应用程序。 dpaste v3.8之前版本存在跨站脚本漏洞,该漏洞源于存在反射型跨站脚本(XSS)漏洞,攻击者利用此漏洞可以在用户浏览器的上下文中执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A