Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append an XSS payload to a word that has a corresponding glossary entry.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
npm Glossarizer Security Vulnerability
Vulnerability Description
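npm Glossarizer is a small jQuery plugin from the US company npm that automatically marks glossary terms on a page. Glossarizer 1.5.2 and earlier versions contain a security vulnerability that stems from improper neutralization of input during web page generation, leaving them susceptible to stored cross-site scripting attacks.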
CVSS Information
N/A
Vulnerability Type
N/A