Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template
Vulnerability Description
Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescaped {!! json_encode(...) !!} without safe encoding flags allows string values to break out of the JavaScript context and be interpreted as HTML/JS by the browser. If any serialized fields contain attacker-controlled content, such as a username, display name, or site config value, a malicious payload will execute arbitrary script for any user viewing the page (stored DOM XSS). This issue has been patched by commit e28edb204e80efab628d1241198ea4f079779cfd.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Jexpanel 安全漏洞
Vulnerability Description
Jexpanel是Jexactyl开源的一个游戏服务器管理与计费面板。 Jexpanel存在安全漏洞,该漏洞源于wrapper.blade.php模板使用未转义的json_encode,可能导致存储型DOM跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A