Vulnerability Information
Vulnerability Title
Improper Neutralization of HTML Tags in a Web Page in libredesk
Vulnerability Description
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, Libredesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/{id}/notes, the backend automatically wraps user input in <p> tags. However, by intercepting the request and removing the <p> tag, an attacker can inject arbitrary HTML elements such as forms and images, which are then stored and rendered without proper sanitization. This can lead to phishing, CSRF-style forced actions, and UI redress attacks. This issue has been patched in version 0.8.6-beta.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Libredesk cross-site scripting vulnerability
Vulnerability Description
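Libredesk is a user support platform by the individual developer Abhinav Raut. Versions of Libredesk prior to 0.8.6-beta contain a cross-site scripting vulnerability. It stems from a stored HTML injection issue in the contact notes feature and may lead to phishing and CSRF attacks.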
CVSS Information
N/A
Vulnerability Type
N/A