Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UJCMS 安全漏洞
Vulnerability Description
UJCMS是dromara开源的一个 Java 开源内容管理系统。 UJCMS 9.6.3版本存在安全漏洞,该漏洞源于对上传的SVG文件中嵌入属性清理不足,存在存储型跨站脚本(XSS)漏洞,允许经过身份验证的攻击者在其他后端用户的浏览器上下文中执行任意JavaScript,从而导致敏感令牌被盗。
CVSS Information
N/A
Vulnerability Type
N/A