漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability
Vulnerability Description
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
go2rtc 跨站脚本漏洞
Vulnerability Description
go2rtc是Alex X个人开发者的一个支持 RTSP、RTMP、HTTP-FLV、WebRTC、MSE、HLS、MP4、MJPEG、HomeKit、FFmpeg 等的终极相机流应用程序。 go2rtc 1.8.5 及之前版本存在跨站脚本漏洞,该漏洞源于 links.html 中的 src GET 参数容易受到跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A