漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature
Vulnerability Description
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Frappe Learning 输入验证错误漏洞
Vulnerability Description
Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.33.0及之前版本存在输入验证错误漏洞,该漏洞源于上传的SVG文件清理不足,可能导致执行任意脚本。
CVSS Information
N/A
Vulnerability Type
N/A