Vulnerability Information
Vulnerability Title
Cross-Site Scripting in the Holded application
Vulnerability Description
Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)
Vulnerability Title
Holded Cross-Site Scripting Vulnerability
Vulnerability Description
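Holded is a business management software product from the company Holded. Versions of Holded prior to 4.20.0 contain a cross-site scripting vulnerability. The vulnerability stems from allowing an attacker to store JavaScript payloads in all editable parameters of the General and Team ID functions, which may lead to session takeover.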
CVSS Information
N/A
Vulnerability Type
N/A