Vulnerability Information
Vulnerability Title
zhanglun lettura RSS ContentRender.tsx cross site scripting
Vulnerability Description
A vulnerability was detected in zhanglun lettura up to 0.1.22. It affects unknown processing in the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross-site scripting. The attack can be executed remotely. The attack is characterized by high complexity, and exploitability is assessed as difficult. The exploit is now public and may be used. The patch is identified as 67213093db9923e828a6e3fd8696a998c85da2d4. It is best practice to apply a patch to resolve this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Lettura code injection vulnerability
Vulnerability Description
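Lettura is an RSS reader by the individual developer zhanglun. Lettura 0.1.22 and earlier versions contain a code injection vulnerability. The vulnerability stems from incorrect handling in the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler and may lead to cross-site scripting attacks.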
CVSS Information
N/A
Vulnerability Type
N/A