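Vulnerability Title
N/A
Vulnerability Description
Headwind MDM Web panel 5.22.1 has a cross-site scripting (XSS) vulnerability. The file upload function allows APKs and arbitrary files to be uploaded. By exploiting this issue, an attacker can upload an HTML file and share its download link with a victim. Because the file download function returns the file content in inline mode, the victim's browser immediately renders the HTML file as a web page. The uploaded client-side code is therefore evaluated and executed in the victim's browser, enabling the attacker to carry out common XSS attacks.
CVSS Information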
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
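Vulnerability Category
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerability Title
N/A
Vulnerability Description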
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download function returns the file in inline mode, the victim’s browser will immediately render the content of the HTML file as a web page. As a result, the uploaded client-side code will be evaluated and executed in the victim’s browser, allowing attackers to perform common XSS attacks.
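CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Headwind MDM Security Vulnerability
Vulnerability Description
Headwind MDM is a platform for managing Android devices in the enterprise. Headwind MDM Web panel version 5.22.1 contains a security vulnerability caused by unrestricted file upload.
CVSS Information
N/A
Vulnerability Category
Other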
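The descriptions above attribute the issue to uploaded files being returned in inline mode. As an added example (not Headwind MDM's code; the function names and the inline allowlist are assumptions), this is one way a download endpoint can build response headers so that an uploaded HTML file is saved to disk instead of rendered:

```python
import re
from urllib.parse import quote

# Assumption: raster images are the only uploads that ever need to display
# in place. HTML, SVG, XML and anything unknown are always forced to download.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif"}


def safe_filename(stored_name: str) -> str:
    """Reduce an uploader-supplied name to a bare file name safe for a header."""
    base = re.split(r"[\\/]", stored_name)[-1]             # drop path components
    base = re.sub(r'[\x00-\x1f\x7f"]', "", base).strip()   # no CR/LF, controls, quotes
    return base or "download"


def download_headers(stored_name: str, declared_type: str) -> dict:
    """Build response headers that serve an uploaded file without rendering it."""
    name = safe_filename(stored_name)
    media_type = declared_type.split(";")[0].strip().lower()
    inline_ok = media_type in INLINE_SAFE_TYPES
    # ASCII fallback for old clients, plus the RFC 6266 filename* form.
    ascii_name = name.encode("ascii", "replace").decode().replace("?", "_")
    disposition = "inline" if inline_ok else "attachment"
    encoded = quote(name, safe="")
    return {
        # Never echo an untrusted type such as text/html back to the browser.
        "Content-Type": media_type if inline_ok else "application/octet-stream",
        "Content-Disposition": disposition + '; filename="' + ascii_name
                               + "\"; filename*=UTF-8''" + encoded,
        # Stop the browser from sniffing HTML out of an octet-stream body.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth: if the body is rendered anyway, scripts cannot run.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    for fname, ctype in [("note.html", "text/html"), ("logo.png", "image/png"),
                         ("icon.svg", "image/svg+xml")]:
        print(fname, download_headers(fname, ctype))
```

Serving user uploads from a separate origin that holds no session cookies further limits what a rendered file could reach.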