Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting vulnerability in Holded
Vulnerability Description
A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Holded 跨站脚本漏洞
Vulnerability Description
Holded是Holded公司的一款业务管理软件。 Holded存在跨站脚本漏洞,该漏洞源于存在存储型跨站脚本漏洞,允许攻击者将JavaScript有效载荷存储在活动功能的可编辑icon和name参数中。
CVSS Information
N/A
Vulnerability Type
N/A