Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) via file Parameter
Vulnerability Description
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Webgrind 跨站脚本漏洞
Vulnerability Description
Webgrind是Joakim Nygård个人开发者的一款基于Web的PHP性能分析工具。 Webgrind 1.1及之前版本存在跨站脚本漏洞,该漏洞源于index.php中的file参数未充分编码用户输入,可能导致反射型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A