Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vikunja Affected by XSS Via Task Preview
Vulnerability Description
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on hover. This vulnerability is fixed in 1.1.0.
CVSS Information
N/A
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Vikunja 安全漏洞
Vulnerability Description
Vikunja是Vikunja开源的一个待办事项应用程序。 Vikunja 1.1.0之前版本存在安全漏洞,该漏洞源于TaskGlanceTooltip.vue中缺少转义,可能导致恶意用户通过悬停触发跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A