Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites
Vulnerability Description
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
SPIP 安全漏洞
Vulnerability Description
SPIP是SPIP开源的一个用于创建 Internet 站点的免费软件。 SPIP 4.4.9之前版本存在安全漏洞,该漏洞源于私有联合站点页面上对#URL_SYNDIC输出的清理不当,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A