Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dashboards and iFrames can link malicious web content
Vulnerability Description
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
不当限制渲染UI层或帧
Vulnerability Title
SICK Field Analytics和SICK Media Server 安全漏洞
Vulnerability Description
SICK Field Analytics和SICK Media Server都是德国SICK公司的产品。SICK Field Analytics是一款用于评估制造数据的软件。SICK Media Server是一款媒体服务器。 SICK Field Analytics和SICK Media Server存在安全漏洞,该漏洞源于iFrame部件创建过程中嵌入的URL未经验证,可能导致代码执行攻击。
CVSS Information
N/A
Vulnerability Type
N/A