Vulnerability Information
Vulnerability Title
pretalx: Stored cross-site scripting in organiser search typeahead
Vulnerability Description
pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the organiser's search query matched the malicious record. This vulnerability is fixed in 2026.1.0.
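The rendering pattern the description names, shown as an added example that is not pretalx's own code: a typeahead that interpolates record fields into a markup string meant for innerHTML, beside two hardened versions. All function names and sample records here are constructed for illustration.

```javascript
// Added example (not pretalx code): the rendering pattern described above,
// interpolating untrusted record fields into markup destined for innerHTML,
// next to two hardened versions. All names and data here are constructed.

// Constructed search results; the display name carries an HTML fragment.
// Any markup (including tags with event-handler attributes) is treated the same way.
const RESULTS = [
  { type: "submission", title: "Keynote: tooling & trust", url: "/orga/s/1" },
  { type: "user", name: "<i>Mallory</i>", email: "m@example.org", url: "/orga/u/7" },
];

function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function labelOf(r) {
  return r.type === "user" ? `${r.name} (${r.email})` : r.title;
}

// Vulnerable pattern: fields go straight into the markup string. Once the
// caller assigns it to dropdown.innerHTML, the <i> in the name is parsed as HTML.
function renderResultsUnsafe(results) {
  return results.map((r) => `<li><a href="${r.url}">${labelOf(r)}</a></li>`).join("");
}

// Hardened string version: every interpolated field is escaped, so the
// browser shows the literal text "<i>Mallory</i>" instead of parsing it.
function renderResultsSafe(results) {
  return results
    .map((r) => `<li><a href="${escapeHtml(r.url)}">${escapeHtml(labelOf(r))}</a></li>`)
    .join("");
}

// Preferred where a DOM is available: build nodes and assign textContent, so
// the field is never parsed as HTML at all. `doc` is the browser document.
function renderResultsDom(doc, results) {
  const frag = doc.createDocumentFragment();
  for (const r of results) {
    const li = doc.createElement("li");
    const a = doc.createElement("a");
    a.href = r.url;
    a.textContent = labelOf(r);
    li.appendChild(a);
    frag.appendChild(li);
  }
  return frag;
}
```

A quick check on a page that still uses the string form is to search the result markup for an unescaped `<` originating from a record field; the DOM-building version removes the question entirely.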
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
pretalx cross-site scripting vulnerability
Vulnerability Description
pretalx is an open-source conference planning tool from pretalx, focused on providing the best experience for organisers, speakers, reviewers and attendees. Versions of pretalx prior to 2026.1.0 contain a cross-site scripting vulnerability: the organiser search in the backend renders results using innerHTML string interpolation, so any user who controls a submission title or display name can inject HTML or JavaScript.
CVSS Information
N/A
Vulnerability Type
N/A