Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes (e.g., <img src=x onerror="alert('XSS')">). When a victim views an affected map popup, the malicious script executes in the context of the victim's browser session.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Leaflet 安全漏洞
Vulnerability Description
Leaflet是Volodymyr Agafonkin个人开发者的一个轻量级交互式地图开发库。 Leaflet 1.9.4及之前版本存在安全漏洞,该漏洞源于bindPopup方法未对用户输入进行清理,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A