Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Typemill has Reflected XSS via login error view template
Vulnerability Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Typemill 安全漏洞
Vulnerability Description
Typemill是Typemill开源的一款适用于微出版商的轻量级平面文件 cms。 Typemill 2.19.1及之前版本存在安全漏洞,该漏洞源于登录错误视图模板中用户名值缺少上下文编码,可能导致反射型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A