漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes
Vulnerability Description
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
nuxt-og-image 跨站脚本漏洞
Vulnerability Description
nuxt-og-image是Nuxt Modules开源的一个为Nuxt应用生成社交媒体预览图的工具。 nuxt-og-image 6.2.5之前版本存在跨站脚本漏洞,该漏洞源于图像生成组件允许向HTML页面主体注入任意属性。
CVSS Information
N/A
Vulnerability Type
N/A