Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting
Vulnerability Description
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
NuGet Gallery 安全漏洞
Vulnerability Description
NuGet Gallery是NuGet开源的一个支持NuGet的软件包存储库。 NuGet Gallery 2024.05.28之前版本存在安全漏洞,该漏洞源于处理Markdown内容中的自动链接时的不当清理,容易受到跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A