Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kurmi Provisioning Suite 安全漏洞
Vulnerability Description
Kurmi Provisioning Suite是Kurmi公司的一个基础设施管理套件。 Kurmi Provisioning Suite存在安全漏洞。攻击者利用该漏洞可以通过 COMPONENT_fields(htmlTitle) 字段注入任意 Web 脚本或 HTML。以下版本受到影响:7.9.0.38之前版本、7.10.x版本至7.10.0.18版本和7.11.x版本至7.11.0.15版本。
CVSS Information
N/A
Vulnerability Type
N/A