Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in beefree.io
Vulnerability Description
beefree.io SDK is vulnerable to Stored XSS in Social Media icon URL parameter in email builder functionality. Malicious attacker can inject arbitrary HTML and JS into template, which will be rendered/executed when visiting preview page. However due to beefree's Content Security Policy not all payloads will execute successfully. This issue has been fixed in version 3.47.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Bee Content Design Befree SDK 跨站脚本漏洞
Vulnerability Description
Bee Content Design Befree SDK是美国Bee Content Design公司的一个开发工具包。 Bee Content Design Befree SDK 3.47.0之前版本存在跨站脚本漏洞,该漏洞源于电子邮件构建器功能中社交媒体图标URL参数存在存储型跨站脚本,可能导致恶意攻击者注入任意HTML和JS代码。
CVSS Information
N/A
Vulnerability Type
N/A