Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker can insert arbitrary JavaScript into their profile, which executes in the browser of any user viewing it, including administrators. Due to the absence of the HttpOnly flag on the session cookie, this flaw could be exploited to capture session tokens and hijack user sessions, enabling elevated access.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyCourts 安全漏洞
Vulnerability Description
MyCourts是英国MyCourts公司的一个球场管理平台。 MyCourts v3版本存在安全漏洞,该漏洞源于LTA number profile字段缺少输入验证,可能导致存储型跨站脚本攻击,由于会话cookie缺少HttpOnly标志,可能被利用来劫持用户会话。
CVSS Information
N/A
Vulnerability Type
N/A