Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser
Vulnerability Description
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
LRS 安全漏洞
Vulnerability Description
LRS是Yet Analytics开源的一个在 Clojure(Script) 中构建 xAPI 学习记录存储 (LRS) 的协议、规范和逻辑。 LRS 1.2.17之前版本存在安全漏洞。攻击者利用该漏洞通过恶意制作的 xAPI 语句在浏览器中执行脚本或其他标记注入。
CVSS Information
N/A
Vulnerability Type
N/A