Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Upload in Netoloji Software's E-Flow
Vulnerability Description
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Netoloji E-Flow 代码问题漏洞
Vulnerability Description
Netoloji E-Flow是土耳其Netoloji公司的一款应用程序。 Netoloji E-Flow 3.23.00之前版本存在代码问题漏洞,该漏洞源于危险类型文件上传不受限制和网页生成时输入中和不当,可能导致存储型跨站脚本攻击和文件内容注入。
CVSS Information
N/A
Vulnerability Type
N/A