Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information, including the user's session cookies.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sync in 安全漏洞
Vulnerability Description
Sync in是Sync-in开源的一个服务器同步平台。 Sync in 1.9.3之前版本存在安全漏洞,该漏洞源于上传包含恶意有效载荷的特制SVG文件,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A