Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login
Vulnerability Description
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Baidu OpenRASP 安全漏洞
Vulnerability Description
Baidu OpenRASP是中国百度(Baidu)公司的一个开源 RASP 解决方案。 Baidu OpenRASP存在安全漏洞。攻击者利用该漏洞可以执行任意 JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A