漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Multiple Authenticated Stored Cross-Site Scripting
Vulnerability Description
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their session using an "Authenticated Stored Cross-Site Scripting". Those other users might have more privileges than the attacker, enabling a form of horizontal movement.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cordaware bestinformed 安全漏洞
Vulnerability Description
Cordaware bestinformed是德国Cordaware公司的一套群发通知系统。 Cordaware bestinformed存在安全漏洞,该漏洞源于输入清理不当,导致存储型跨站脚本攻击,可能劫持高权限会话。
CVSS Information
N/A
Vulnerability Type
N/A