Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. 神龙 strives to ensure the accuracy of the data, but please verify it and use your own judgement for your actual situation.
Vulnerability Title
Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface
Vulnerability Description
Mezzanine CMS, in versions prior to 6.1.1, contains a stored cross-site scripting (XSS) vulnerability in the admin interface. The flaw lies in the "displayable_links_js" view, which builds the JSON list of page and post links consumed by the admin's rich-text editor and fails to escape blog post titles before including them in the response served at "/admin/displayable_links.js". An authenticated user who can create blog posts can place a JavaScript payload in the title field; the payload is stored and returned verbatim by that endpoint. If another admin user is then tricked into opening a direct link to "/admin/displayable_links.js", the browser treats the response as a document rather than as inert JSON and executes the script in that admin's session. Exploitation therefore requires an account with post-authoring rights plus user interaction, but the stored payload persists until the title is changed.
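As an added illustration, not Mezzanine's own code and not the project's actual 6.1.1 patch (which this page does not show), the following Python models the pattern the description outlines: a view that serialises link titles into a JSON array and returns it without an explicit content type, beside a hardened variant. The `SAMPLE_POSTS` data, the function names and the particular mitigations chosen (HTML-escaping each title and declaring the body as `application/json` with `nosniff`) are assumptions made for this example.

```python
import html
import json

# Constructed sample data standing in for Displayable objects; the second
# title carries the kind of payload the advisory describes (assumption).
SAMPLE_POSTS = [
    ("/blog/hello-world/", "Blog post", "Hello World"),
    ("/blog/pwn/", "Blog post", "<script>alert(document.cookie)</script>"),
    ("/about/", "Page", "About <b>us</b>"),
]


def build_links(posts, escape_title):
    """Build the 'url|verbose_name: title' strings a TinyMCE link list
    expects. json.dumps only escapes quotes, backslashes and control
    characters, so '<' and '>' reach the body untouched unless the title
    is escaped first."""
    links = []
    for url, kind, title in posts:
        if escape_title:
            title = html.escape(title)
        links.append("%s|%s: %s" % (url, kind, title))
    return json.dumps(links)


def displayable_links_vulnerable(posts):
    """Pattern described for versions before 6.1.1 (modelled, not copied):
    raw titles and no explicit content type. Django's HttpResponse defaults
    to text/html, so a browser that navigates straight to the endpoint
    parses the JSON array as an HTML document and runs any <script> in it."""
    body = build_links(posts, escape_title=False)
    return body, {"Content-Type": "text/html; charset=utf-8"}


def displayable_links_hardened(posts):
    """Two independent mitigations (this example's choice, not necessarily
    the project's exact fix): HTML-escape each title before serialising it,
    and declare the body as JSON so the browser never treats it as markup."""
    body = build_links(posts, escape_title=True)
    return body, {
        "Content-Type": "application/json",
        "X-Content-Type-Options": "nosniff",
    }


def executes_on_direct_visit(body, headers):
    """Rough check of the condition the advisory relies on: the response is
    served as HTML and the body still contains a raw script tag."""
    media_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    return media_type == "text/html" and "<script" in body.lower()


if __name__ == "__main__":
    for name, view in (("vulnerable", displayable_links_vulnerable),
                       ("hardened", displayable_links_hardened)):
        body, headers = view(SAMPLE_POSTS)
        print(name, headers["Content-Type"],
              "executes:", executes_on_direct_visit(body, headers))
        print("   ", body)
```

Setting the JSON content type alone stops the direct-visit case but leaves raw markup in the body for any consumer that injects the title into the page as HTML; escaping alone protects consumers but still lets the endpoint be rendered as a document. Applying both is the conservative choice, at the cost that a title containing a literal `<` shows its entity form in the editor's link picker.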
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
mezzanine security vulnerability
Vulnerability Description
mezzanine is a Django-based CMS framework by the individual developer stephenmcd. Versions of mezzanine prior to 6.1.1 contain a security vulnerability caused by insufficient sanitization in the displayable_links_js function, which may lead to stored cross-site scripting attacks.
CVSS Information
N/A
Vulnerability Type
N/A