Vulnerability Information
Vulnerability Title
Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Vulnerability Description
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue. As a workaround, server-side file validation is available to strip script tags from a file's content during the file upload process.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
Improper escaping of special elements in output (injection)
Vulnerability Title
Umbraco CMS Injection Vulnerability
Vulnerability Description
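Umbraco CMS is a content management system from the Danish company Umbraco. Umbraco CMS contains an injection vulnerability that stems from a remote code execution issue: users may face a code execution risk when previewing SVG files in full screen mode.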
CVSS Information
N/A
Vulnerability Type
N/A