Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Sherpa Orchestrator 跨站脚本漏洞
Vulnerability Description
Sherpa Orchestrator是Sherpa公司的一款IT管理类软件,用于自动化IT流程和工作流管理。 Sherpa Orchestrator 141851版本存在安全漏洞,该漏洞源于添加或更新许可证功能可能通过name参数导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A