Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visitors viewing the generated static site.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
Publii CMS 安全漏洞
Vulnerability Description
Publii CMS是波兰Publii公司的一个静态网站生成器。 Publii CMS v0.46.5版本存在安全漏洞,该漏洞源于未清理配置字段输入,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A