Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES[], INCLUDES_DIRS, INCLUDES_FILES, and TIMEZONE do not properly sanitize user-supplied input. Malicious payloads submitted via these parameters are persisted in the application and executed whenever an administrator views or edits the settings page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Diskover-web 安全漏洞
Vulnerability Description
Diskover-web是美国Diskover公司的一款文件系统索引工具。 Diskover-web v2.3.0版本存在安全漏洞,该漏洞源于管理设置界面中多个配置字段清理不当,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A