Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arduino Create Agent vulnerable to Reflected Cross-Site Scripting
Vulnerability Description
The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint `/certificate.crt` and the way the web interface of the ArduinoCreateAgent handles custom error messages. An attacker that is able to persuade a victim into clicking on a malicious link can perform a Reflected Cross-Site Scripting attack on the web interface of the create agent, which would allow the attacker to execute arbitrary browser client side code. Version 1.3.6 contains a fix for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Arduino 跨站脚本漏洞
Vulnerability Description
Arduino是Arduino项目的一款微控制器板。 Arduino Create Agent 1.3.6之前版本存在跨站脚本漏洞,该漏洞源于容易受到反射型跨站脚本攻击,允许攻击者在浏览器客户端执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A