Vulnerability Information
Vulnerability Title
Reflected Cross-Site-Scripting (XSS)
Vulnerability Description
When LDAP authentication is activated in the configuration, reflected XSS is possible: an attacker creates a custom URL, and the victim only needs to open it for arbitrary JavaScript code to execute in the victim's browser. This is due to a fault in the file login.php, where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.
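The pattern described above, shown as an added example that is not HAWKI's own code: a hypothetical form renderer that reflects `$_SERVER['PHP_SELF']` unencoded, beside a hardened version. The function names and the sample request values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a login form renderer; not the project's login.php.

// Vulnerable pattern: PHP_SELF contains the script name plus any path info
// the client appended to the URL, so it is request-controlled text.
function formTagUnsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: SCRIPT_NAME carries no trailing path info, and the value
// is still encoded for the HTML attribute context before it is written out.
function formTagSafe(array $server): string
{
    $action = htmlspecialchars(
        $server['SCRIPT_NAME'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $action . '">';
}

// Encoding PHP_SELF itself also neutralises the reflection when the
// original request path has to be kept.
function formTagEncodedSelf(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed request values: the path info carries a quote and angle
// brackets around an inert marker, which is enough to test attribute breakout.
$server = [
    'SCRIPT_NAME' => '/login.php',
    'PHP_SELF'    => '/login.php/"><b>marker</b>',
];

// Regression check: a correctly encoded tag contains exactly one '<'
// (the form tag itself); more than one means request text became markup.
foreach (['formTagUnsafe', 'formTagSafe', 'formTagEncodedSelf'] as $render) {
    $html = $render($server);
    $verdict = substr_count($html, '<') === 1 ? 'encoded' : 'MARKUP INJECTED';
    echo str_pad($render, 20), $verdict, '  ', $html, PHP_EOL;
}
```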
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
HAWKI cross-site scripting vulnerability
Vulnerability Description
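HAWKI is a university teaching interface based on the OpenAI API, from the HAWK Digital Environments team in Germany. HAWKI has a cross-site scripting vulnerability, which stems from a reflected cross-site scripting (XSS) flaw in the file login.php.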
CVSS Information
N/A
Vulnerability Type
N/A