Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload
Vulnerability Description
A vulnerability in the file upload and asset rendering pipeline for bookmarks allows an attacker to upload a malicious SVG file containing JavaScript. When an authenticated admin user views the SVG attached to a shared bookmark, the embedded JavaScript executes in the admin's browser, retrieves the CSRF token, and sends a request to change the admin's password, resulting in a full account takeover.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)
Vulnerability Title
linkding security vulnerability
Vulnerability Description
linkding is a self-hostable bookmark manager developed by the individual developer Sascha Ißbrücker. linkding has a security vulnerability that stems from the file upload function in the bookmark and asset rendering pipeline allowing malicious SVG files containing JavaScript to be uploaded; when an administrator views such a file, the JavaScript may execute and obtain the CSRF token, which can then be used to change the password and take over the account.
CVSS Information
N/A
Vulnerability Type
N/A