漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting
Vulnerability Description
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Bdtask SalesERP 安全漏洞
Vulnerability Description
Bdtask SalesERP是孟加拉国Bdtask公司的一个销售企业资源规划软件。 Bdtask SalesERP 20250728及之前版本存在安全漏洞,该漏洞源于对文件/edit_profile中参数first_name/last_name的错误操作,可能导致基本跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A