Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input
Vulnerability Description
Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Beego 跨站脚本漏洞
Vulnerability Description
Beego是Beego开源的一款基于Go语言的开源Web框架。 Beego 2.3.6之前版本存在跨站脚本漏洞,该漏洞源于RenderForm函数中的跨站脚本攻击,可能导致会话劫持、凭据窃取或账户接管。
CVSS Information
N/A
Vulnerability Type
N/A