Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting vulnerability in Django MarkdownX
Vulnerability Description
Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Django MarkdownX 跨站脚本漏洞
Vulnerability Description
Django MarkdownX是一个为 Django 构建的综合 Markdown 插件,其核心是灵活性、可扩展性和易用性。 Django MarkdownX 4.0.2版本存在跨站脚本漏洞,该漏洞源于缺乏对 JavaScript 元素的适当清理。攻击者利用该漏洞可以在上传功能中存储特制的 JavaScript 有效载荷。
CVSS Information
N/A
Vulnerability Type
N/A