漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sage DPW 安全漏洞
Vulnerability Description
Sage DPW是英国Sage公司的一个人力资源系统。 Sage DPW 2024_12_000之前版本存在安全漏洞,该漏洞源于输入字段未过滤脚本,会导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A