漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Stored Cross‑Site Scripting in MCO
Vulnerability Description
MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
MyComplianceOffice MCO 跨站脚本漏洞
Vulnerability Description
MyComplianceOffice MCO是MyComplianceOffice公司的一款合规与风险管理软件。 MyComplianceOffice MCO 25.3.3.1版本存在跨站脚本漏洞,该漏洞源于应用程序logo上传功能存在存储型跨站脚本问题,攻击者能够上传包含恶意JavaScript代码的特制SVG文件,当logo被渲染或打开时执行。
CVSS Information
N/A
Vulnerability Type
N/A