Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Django Template Engine Vulnerable to XSS
Vulnerability Description
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Fiber 安全漏洞
Vulnerability Description
Fiber是一款使用Go语言编写的开源Web框架。 Fiber template 3.1.9之前版本存在安全漏洞,该漏洞源于存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞在浏览器中执行恶意脚本。
CVSS Information
N/A
Vulnerability Type
N/A