Vulnerability Information
Vulnerability Title
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy
Vulnerability Description
Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP removes the browser-enforced restriction that would otherwise block external script execution, enabling attackers to load arbitrary remote payloads into operator browser sessions.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Protection Mechanism Failure
Vulnerability Title
Beghelli Sicuro24 SicuroWeb Security Vulnerability
Vulnerability Description
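Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform from the Italian company Beghelli. Beghelli Sicuro24 SicuroWeb contains a security vulnerability that stems from the failure to enforce a Content Security Policy, which allows unrestricted loading of external JavaScript resources from attacker-controlled origins and may lead to the loading of arbitrary remote payloads.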
CVSS Information
N/A
Vulnerability Type
N/A