漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Frappe Workspace modification and stored XSS due to improper resource ownership checks
Vulnerability Description
Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspaces. Specially crafted requests could lead to stored XSS here. This vulnerability is fixed in 14.100.2, 15.101.0, and 16.10.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Frappe 跨站脚本漏洞
Vulnerability Description
Frappe是印度Frappe公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe 14.100.2之前版本、15.101.0之前版本和16.10.0之前版本存在跨站脚本漏洞,该漏洞源于缺少验证和权限检查不当,可能导致修改其他用户私有工作空间和存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A