Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse Calendar plugin event names susceptible to XSS
Vulnerability Description
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Discourse Calendar 跨站脚本漏洞
Vulnerability Description
Discourse Calendar是Discourse开源的一个日历插件。 Discourse Calendar 0.5之前版本存在跨站脚本漏洞,该漏洞源于动态日历功能存在问题,事件名称渲染时可能受到XSS攻击。此漏洞仅影响那些修改或禁用了Discourse默认内容安全策略的站点。
CVSS Information
N/A
Vulnerability Type
N/A