漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers
Vulnerability Description
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful exploitation requires an attacker to have access to the target GitHub Enterprise Server instance and to entice a user, while operating in sudo mode, to click on a crafted malicious link to perform actions that require elevated privileges. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, 3.14.19.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GitHub Enterprise Server 安全漏洞
Vulnerability Description
GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备,从而提供可扩展,易于管理的平台。 GitHub Enterprise Server 3.18.1之前版本、3.17.7之前版本、3.16.10之前版本、3.15.14之前版本和3.14.19之前版本存在安全漏洞,该漏洞源于Issues搜索标签过滤器输入中和不当,可能导致基于DOM的跨站脚本攻击,进而导致权限提升和未经授权的工作流触发。
CVSS Information
N/A
Vulnerability Type
N/A