Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dev Blog v1.0 - Stored XSS
Vulnerability Description
Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
DevBlog 跨站脚本漏洞
Vulnerability Description
DevBlog是Arman Idrisi个人开发者的一个使用 Node.js (Express) 和 MongoDB 开发的博客项目。 DevBlog v1.0版本存在跨站脚本漏洞,该漏洞源于允许无限制的文件上传, 攻击者利用该漏洞可以上传恶意 HTML 文件,然后猜测上传文件的文件名并将其发送给潜在受害者。
CVSS Information
N/A
Vulnerability Type
N/A