Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JS - Internal strings in HTTP headers
Vulnerability Description
The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
使用外部控制的格式字符串
Vulnerability Title
Zabbix 格式化字符串错误漏洞
Vulnerability Description
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 6.0.0至6.0.33版本、6.4.0至6.4.18版本和7.0.0至7.0.3版本存在格式化字符串错误漏洞,该漏洞源于未针对JavaScript进行正确编码,导致可创建用于访问对象隐藏属性的内部字符串。
CVSS Information
N/A
Vulnerability Type
N/A