Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LaSuite Doc affected by Stored XSS via Interlinking Block
Vulnerability Description
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
La Suite Docs 跨站脚本漏洞
Vulnerability Description
La Suite Docs是La Suite numérique开源的一个可扩展的协作笔记、维基和文档平台。 La Suite Docs 3.8.0版本至4.3.0版本存在跨站脚本漏洞,该漏洞源于Interlinking功能未验证URL,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A