漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Group-Office vulnerable to blind XSS
Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
groupoffice 安全漏洞
Vulnerability Description
groupoffice是Intermesh开源的一个集团办公室群件和CRM。 groupoffice 6.8.123和25.0.27之前版本存在安全漏洞,该漏洞源于存储型和盲型跨站脚本,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A