Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing. NOTE: the Supplier's position is that this has incorrect information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tactical RMM 安全漏洞
Vulnerability Description
Tactical RMM是AmidaWare Inc.开源的一个远程监控和管理工具。 Tactical RMM v1.3.1及之前版本存在安全漏洞,该漏洞源于/api/tacticalrmm/apiv3/views.py组件存在问题,可能导致远程执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A