Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected Cross-Site Scripting (XSS)
Vulnerability Description
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge. This vulnerability only affects LogicalDOC Enterprise.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
LogicalDOC 跨站脚本漏洞
Vulnerability Description
LogicalDOC是美国LogicalDOC公司的一套使用Java技术开发的文件管理系统。该系统具有Lucene全文搜索索引和自动导入等功能。 LogicalDOC存在安全漏洞,该漏洞源于JSP文件中的反射型跨站脚本,可能导致未经验证的攻击者诱骗用户点击特制链接触发漏洞,从而诱导受害者执行站点请求。
CVSS Information
N/A
Vulnerability Type
N/A