漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover
Vulnerability Description
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Horilla 代码问题漏洞
Vulnerability Description
Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.4.0之前版本存在代码问题漏洞,该漏洞源于应用程序中清理不当,可能导致跨站脚本攻击,进而导致管理员账户接管。
CVSS Information
N/A
Vulnerability Type
N/A