Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ThinkDashboard: Arbitrary File Upload vulnerability in the Backup Import Feature
Vulnerability Description
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
ThinkDashboard 代码问题漏洞
Vulnerability Description
ThinkDashboard是MatiasDesu个人开发者的一个轻量级的、自托管的书签仪表板。 ThinkDashboard 0.6.7及之前版本存在代码问题漏洞,该漏洞源于备份导入功能未正确验证文件类型,可能导致存储型跨站脚本攻击或恶意软件分发。
CVSS Information
N/A
Vulnerability Type
N/A