Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored Cross-Site Scripting (XSS) in Sesame web application
Vulnerability Description
Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies/<ID>/logo', which are then stored on the server and executed in the context of any user who accesses the compromised resource.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Sesame 跨站脚本漏洞
Vulnerability Description
Sesame是Sesame公司的一个Web应用。 Sesame存在跨站脚本漏洞,该漏洞源于上传的SVG图像清理不当,可能导致攻击者嵌入恶意脚本,并在用户访问受感染资源时执行。
CVSS Information
N/A
Vulnerability Type
N/A