Vulnerability Information
Vulnerability Title
Filament: Disabled RichEditor field state can be used for XSS
Vulnerability Description
Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 up to, but not including, 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't already sanitized when the form state is filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the form. This vulnerability is fixed in 3.3.53.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
filamentphp filament cross-site scripting vulnerability
Vulnerability Description
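filamentphp filament is an open-source Laravel admin panel from the filamentphp team. filamentphp filament versions from 3.0.0 up to, but not including, 3.3.53 contain a cross-site scripting vulnerability. The vulnerability stems from the HTML of the RichEditor field not being processed, which may allow an attacker to inject malicious HTML or JavaScript and thereby carry out a cross-site scripting attack.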
CVSS Information
N/A
Vulnerability Type
N/A