Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Allegro 跨站脚本漏洞
Vulnerability Description
Allegro是Allegro开源的一个主要针对视频游戏和多媒体编程的跨平台库。 Allegro AI ClearML存在安全漏洞。攻击者利用该漏洞在用户查看 Web UI 中的“Debug Samples”选项卡时执行 JavaScript 有效载荷。
CVSS Information
N/A
Vulnerability Type
N/A