Vulnerability Information
Vulnerability Title
Reflected Cross-Site Scripting in SAS 9.4
Vulnerability Description
The SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable; the status of other versions is unknown. Hot fixes were published for the above-mentioned versions.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
SAS Stored Process Web Application: Other Vulnerability
Vulnerability Description
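SAS Stored Process Web Application is a stored process web application from SAS. Versions 9.4_M7 and 9.4_M8 of SAS Stored Process Web Application contain a security vulnerability caused by a reflected cross-site scripting (XSS) flaw in the `_program` parameter of the `/SASStoredProcess/do` endpoint.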
CVSS Information
N/A
Vulnerability Type
N/A