Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Qiwen Netdisk File Rename cross site scripting
Vulnerability Description
A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Rename Handler. The manipulation with the input <img src="" onerror="alert(document.cookie)"> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266083.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Qiwen Netdisk 跨站脚本漏洞
Vulnerability Description
Qiwen Netdisk是中国奇文(Qiwen)公司的一个简单、方便的文件存储方案(网盘)。 Qiwen Netdisk 1.4.0及之前版本存在跨站脚本漏洞,该漏洞源于qiwen-file中的文件重命名功能存在存储型跨站脚本(XSS)漏洞,允许攻击者在文件名中注入恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A