在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2019-9834Netdata Web应用程序安全漏洞 发布时间:2019-03-15类型:CANstatus:Candidatephase:Assigned 漏洞描述Netdata Web application是一款基于Web的主机监控应用程序。 Netdata Web应用程序1.13.0及之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入并执行恶意的HTML代码,窃取身份验证凭证或控制网站呈现的方式。** DISPUTED ** The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot. 参考文献
|
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论