Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting
Vulnerability Description
A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The patch is identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
openstatus 代码注入漏洞
Vulnerability Description
openstatus是OpenStatus开源的一个开源状态页与可用性监控平台。 openstatus存在代码注入漏洞,该漏洞源于对Onboarding端点组件apps/dashboard/src/app/(dashboard)/onboarding/client.tsx文件中参数callbackURL的操作,可能导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A