Vulnerability Information
Vulnerability Title
OnboardLite has stored Cross-site Scripting issue that may lead to admin Account Take Over
Vulnerability Description
OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability whose payload can be rendered to an admin when they attempt to migrate a user's Discord account in the dashboard. Commit 1d32081a66f21bcf41df1ecb672490b13f6e429f patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Input Validation
Vulnerability Title
OnboardLite security vulnerability
Vulnerability Description
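OnboardLite is an open-source application from Hack@UCF. OnboardLite has a security vulnerability that stems from a stored cross-site scripting flaw, which may be rendered to an administrator when they attempt to migrate a user's Discord account in the dashboard.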
CVSS Information
N/A
Vulnerability Type
N/A