Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting
Vulnerability Description
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HOMEECMS 代码注入漏洞
Vulnerability Description
HOMEECMS是tgywatalive个人开发者的一个电子商城建站系统。 HOMEECMS b59d7feaa9094234e8aa6c8c6b290621ca575ded及之前版本存在代码注入漏洞,该漏洞源于文件src/servlet/product/updateProductServlet.java中参数productName的错误操作,可能导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A