漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload
Vulnerability Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased if the scripts are run by a power user. Version 10.2.2 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
替代XSS语法转义处理不恰当
Vulnerability Title
DNN 安全漏洞
Vulnerability Description
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 10.2.2之前版本存在安全漏洞,该漏洞源于对上传的SVG文件处理不当,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A