Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
alf.io's preloaded data as json is not escaped correctly
Vulnerability Description
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is not escaped correctly, the administrator / event admin could break their own install by inserting non correctly escaped text. The Content-Security-Policy directive blocks any potential script execution. The administrator or event administrator can override the texts for customization purpose. The texts are not properly escaped. Version 2.0-M5 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
alf.io 安全漏洞
Vulnerability Description
Alf.io是Alf.io开源的一款免费开源活动出席管理系统。 alf.io 2.0-M5之前版本存在安全漏洞,该漏洞源于预加载的json数据未正确转义,可能导致管理员或活动管理员插入未正确转义的文本破坏自身安装。
CVSS Information
N/A
Vulnerability Type
N/A