Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities

Talos Vulnerability Report TALOS-2023-1704 Milesight MilesightVPN requestHandlers.js detaildevice cross-site scripting XSS vulnerabilities July 6, 2023 CVE Number CVE-2023-24497,CVE-2023-24496 SUMMARY Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice...

ejs 注入漏洞

Github ejs is an embedded JavaScript template. An injection vulnerability exists in ejs version v3.1.9, which stems from vulnerability to server-side template injection SSTI attacks, which can be exploited by an attacker to achieve template injection through the configuration settings of the...