Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LORIS has an open redirect field on login
Vulnerability Description
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS, which could be used to trick users into visiting arbitrary URLs if they are given a link with a third party redirect parameter. This vulnerability is fixed in 27.0.3 and 28.0.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
LORIS Neuroimaging Platform 输入验证错误漏洞
Vulnerability Description
LORIS Neuroimaging Platform是ACElab开源的一个神经影像平台。 LORIS Neuroimaging Platform 27.0.3之前版本和28.0.1之前版本存在输入验证错误漏洞,该漏洞源于登录重定向参数未验证目标是否在LORIS内,可能导致用户被诱导访问任意URL。
CVSS Information
N/A
Vulnerability Type
N/A