漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Reflected XSS via X-October-Request-Handler Header
Vulnerability Description
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
October 安全漏洞
Vulnerability Description
October是October开源的一个内容管理系统 (CMS) 和网络平台。 October 3.5.15 版本之前存在安全漏洞,该漏洞源于 X-October-Request-Handler 标头不会清理 AJAX 处理程序名称,并允许未转义的 HTML 反射回来。
CVSS Information
N/A
Vulnerability Type
N/A