Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Vulnerability Description
The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the upload. In effect, an attacker will have to trick an editor/administrator into uploading a strangely named file.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Ibexa Admin UI 安全漏洞
Vulnerability Description
Ibexa Admin UI是Ibexa开源的一个 UI 界面。专用于 Ibexa Admin UI Bundle。 Ibexa Admin UI存在安全漏洞,该漏洞源于文件上传小部件容易受到文件名中的跨站脚本有效载荷的攻击。
CVSS Information
N/A
Vulnerability Type
N/A