漏洞描述
lunary-ai/lunary version 1.2.7 存在跨站脚本漏洞。此漏洞是由于对用户访问的URI缺乏校验导致的。
Lunary SAML Metadata 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-9161: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
- POC sharepoint-site-metadata-disclosure: Microsoft SharePoint - Site Metadata Disclosure
- OpenMetadata存在默认账号密码
- POC CVE-2022-31260: ResourceSpace - Metadata Export
- POC CVE-2024-28255: OpenMetadata - Authentication Bypass
- POC CVE-2025-31324: SAP NetWeaver Visual Composer Metadata Uploader - Deserialization
- POC CVE-2024-28255: OpenMetadata RCE
- POC datahub-metadata-default-login: DataHub Metadata - Default Login
- POC gcloud-gke-metadata-server-disabled: GKE Clusters Without Metadata Server Enabled
- POC gcloud-org-guest-attributes: Guest Attributes of Compute Engine Metadata Not Disabled
- POC gcloud-exclude-metadata-from-firewall-logging: Exclude Metadata from Firewall Logging
- POC metadata-service-openstack: Openstack Metadata Service Check
- POC datahub-metadata-default-login: DataHub Metadata - Default Login