Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
Vulnerability Description
Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Formwork 跨站脚本漏洞
Vulnerability Description
Formwork是Formwork开源的一个基于平面文件的内容管理系统(CMS)。用于构建和管理简单网站。 Formwork 1.13.1之前版本存在跨站脚本漏洞,该漏洞源于允许攻击者通过 /panel/options/site 修改站点选项来执行任意 Web 脚本。
CVSS Information
N/A
Vulnerability Type
N/A