Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Frappe Learning vulnerable to Malicious Content upload via Profile bio field
Vulnerability Description
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Frappe Learning 跨站脚本漏洞
Vulnerability Description
Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.34.1及之前版本存在跨站脚本漏洞,该漏洞源于未充分清理个人简介中的上传内容,可能导致恶意SVG文件在其他用户环境中执行任意脚本。
CVSS Information
N/A
Vulnerability Type
N/A