Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Typesetter CMS Reflected XSS via Move Message Handling
Vulnerability Description
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in include/admin/Tools/Status.php. An authenticated attacker can supply crafted input containing HTML or JavaScript, resulting in arbitrary script execution in the context of an authenticated user's browser session.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Typesetter CMS 跨站脚本漏洞
Vulnerability Description
Typesetter CMS是Typesetter开源的一个内容管理系统。 Typesetter CMS 5.1及之前版本存在跨站脚本漏洞,该漏洞源于对path参数清理和转义不足,可能导致反射型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A