Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
hono - HTML Injection via Improper JSX Attribute Name Handling in SSR
Vulnerability Description
hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitrary attributes or elements.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Hono 跨站脚本漏洞
Vulnerability Description
Hono是Hono团队开源的一个用 TypeScript 编写的 Web 框架。 Hono 4.12.14之前版本存在跨站脚本漏洞,该漏洞源于jsx服务端渲染过程中属性名称处理不当,可能允许攻击者通过使用畸形的属性名称注入意外的HTML。
CVSS Information
N/A
Vulnerability Type
N/A