|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-09-19 | |
| Rule Name: | Tool Juice-Shop XSS Vulnerability Detected | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Juice-Shop is an open source web vulnerability environment maintained by OWASP that contains cross-site scripting vulnerabilities. Cross-site scripting attack is caused by web application's lack of validation of user input. By submitting the web application script code, attackers can cause malicious code to be executed on the victim's browser, thereby stealing the victim's sensitive information, etc. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |