Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export
Vulnerability Description
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a malicious email to a Stirling-PDF user can achieve JavaScript execution when that user exports the email using the "Download HTML intermediate file" feature. Version 2.8.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Stirling-PDF 跨站脚本漏洞
Vulnerability Description
Stirling-PDF是Stirling Tools开源的一个使用 Docker 的强大、本地托管的基于 Web 的 PDF 操作工具。 Stirling-PDF 2.7.3版本存在跨站脚本漏洞,该漏洞源于/api/v1/convert/eml/pdf端点参数downloadHtml=true返回未清理的电子邮件正文HTML,可能导致攻击者通过恶意电子邮件在用户使用下载HTML中间文件功能时执行JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A