漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
npm Glossarizer 安全漏洞
Vulnerability Description
npm Glossarizer是美国npm公司的一个小的 jquery 插件,可以自动在页面上标记词汇表术语。 Glossarizer 1.5.2及之前版本存在安全漏洞,该漏洞源于网页生成期间输入中和不当,容易受到存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A