Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Persistent Cross-Site Scripting (XSS) in hushline inbox
Vulnerability Description
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Hush Line 安全漏洞
Vulnerability Description
Hush Line是免费开源匿名举报热线服务。 Hush Line存在安全漏洞,该漏洞源于收件箱中存在存储型跨站脚本(XSS)漏洞。
CVSS Information
N/A
Vulnerability Type
N/A