Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected Cross-Site Scripting in NesterSoft WorkTime
Vulnerability Description
The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
NesterSoft WorkTime 安全漏洞
Vulnerability Description
NesterSoft WorkTime是加拿大NesterSoft公司的一个项目跟踪软件。 NesterSoft WorkTime存在安全漏洞,该漏洞源于/report/internet/urls端点未正确编码或过滤数据,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A