Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
Vulnerability Description
DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
DbGate 代码注入漏洞
Vulnerability Description
DbGate是DbGate开源的一个数据库管理器。 DbGate 7.0.0至7.1.5之前版本存在代码注入漏洞,该漏洞源于攻击者控制的SVG图标字符串未经清理即渲染为原始HTML,可能导致跨站脚本攻击和本地代码执行。
CVSS Information
N/A
Vulnerability Type
N/A