漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject
Vulnerability Description
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and EditSubmit() before being rendered by View_Step.RenderViewSteps(). An authenticated staff member can inject arbitrary JavaScript into the step subject field, and the payload executes when any user navigates to Troubleshooter > View Troubleshooter and clicks the affected step link.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
GFI HelpDesk 安全漏洞
Vulnerability Description
GFI HelpDesk是美国GFI开源的一个面向企业IT支持流程的服务请求与工单管理系统。 GFI HelpDesk 4.99.9之前版本存在安全漏洞,该漏洞源于故障排除器模块中对subject POST参数清理不足,可能导致经过身份验证的员工在步骤主题字段中注入任意JavaScript,从而在用户导航到Troubleshooter > View Troubleshooter并点击受影响的步骤链接时执行。
CVSS Information
N/A
Vulnerability Type
N/A