5 matches found
HAX Security Vulnerability
HAX is an open-source microsite managed using HAX+CMS with a PHP backend. HAX versions 26.0.0 and earlier contain a security vulnerability: the /system/api/saveNode endpoint has a stored cross-site scripting vulnerability. Users with edit...
lxml-html-clean has <base> tag injection through default Cleaner configuration
Summary: The <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. Details: The <base> tag is not currently in the page_structure kill se...
Fiber Path Traversal Vulnerability
Fiber is an open-source web framework written in Go. Versions of Fiber v3 and earlier have a path traversal vulnerability. The static middleware's path cleaner can be bypassed, which may lead to the reading of arbitrary files on the Windows server file system...
Stirling-PDF Code Issue Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A code issue vulnerability exists in Stirling-PDF versions prior to 1.1.0 that stems from a cleaner in the HTML to PDF function that can be bypassed, potentially leading to...
Stirling-PDF Code Issue Vulnerability
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool using Docker, open-sourced by Stirling Tools. A code issue vulnerability exists in Stirling-PDF versions prior to 1.1.0 that stems from a cleaner in the Markdown to PDF feature that can be bypassed, potentially leading to...