漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ARD GEC en Ligne 安全漏洞
Vulnerability Description
ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Ligne存在安全漏洞,该漏洞源于Ajax事务管理器端点未对accountName字段进行适当清理或编码,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A