Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cskefu File Upload MediaController.java upload cross site scripting
Vulnerability Description
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
cskefu(春松客服) 跨站脚本漏洞
Vulnerability Description
cskefu(春松客服)是中国Chatopera开源的一种开源、免费的智能客服系统。 cskefu(春松客服)8.0.1及之前版本存在跨站脚本漏洞,该漏洞源于文件com/cskefu/cc/controller/resource/MediaController.java中组件File Upload的函数Upload存在跨站脚本问题,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A