Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
Vulnerability Description
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions.This issue affects Customer Engagement & Loyalty Platform before 4.617.4.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Perx Customer Engagement & Loyalty Platform 安全漏洞
Vulnerability Description
Perx Customer Engagement & Loyalty Platform是新加坡Perx公司的一个客户参与活动平台。 Perx Customer Engagement & Loyalty Platform 4.617.4之前版本存在安全漏洞,该漏洞源于SVG文件上传清理不当,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A