漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the HttpOnly flag on the session cookie, this flaw could be exploited to capture session tokens and hijack user sessions, enabling elevated access.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyCourts 安全漏洞
Vulnerability Description
MyCourts是英国MyCourts公司的一个球场管理平台。 MyCourts v3版本存在安全漏洞,该漏洞源于LTA number profile字段缺少输入验证,可能导致存储型跨站脚本攻击,由于会话cookie缺少HttpOnly标志,可能被利用来劫持用户会话。
CVSS Information
N/A
Vulnerability Type
N/A