基础信息
项目名称:dusdong/yycms
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721151980302237696/1725855216588775424
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9640 | CVE-2018-14040 | 中危 |
| Bootstrap 跨站脚本漏洞 | XSS | MPS-2018-9642 | CVE-2018-14042 | 中危 |
| Bootstrap跨站脚本漏洞 | XSS | MPS-2019-0181 | CVE-2018-20676 | 中危 |
| Bootstrap跨站脚本漏洞 | XSS | MPS-2019-0182 | CVE-2018-20677 | 中危 |
| Bootstrap 存在跨站脚本漏洞 | XSS | MPS-2019-1791 | CVE-2019-8331 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| bootstrap | 3.3.5 | 3.4.1 | 间接依赖 | 建议修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| non-standard | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| bootstrap | 3.3.5 | 间接依赖 | nuget |
| Respond | 1.4.2 | 间接依赖 | nuget |
| SHLWAPI.dll | 间接依赖 | ||
| Microsoft.AspNet.Mvc | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Core.zh-Hans | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor.zh-Hans | 3.2.3 | 间接依赖 | nuget |
| NSoup | 0.8.0 | 间接依赖 | nuget |
| Microsoft.Owin.Security.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| MSVCR120.dll | 间接依赖 | ||
| Owin | 1.0 | 间接依赖 | nuget |
| Common.Logging.Core | 3.0.0 | 间接依赖 | nuget |
| Topshelf | 3.2.0 | 间接依赖 | nuget |
| SHELL32.dll | 间接依赖 | ||
| Microsoft.AspNet.WebPages.zh-Hans | 3.2.3 | 间接依赖 | nuget |
| WININET.dll | 间接依赖 | ||
| Microsoft.AspNet.SignalR | 2.2.0 | 间接依赖 | nuget |
| Microsoft.Owin.Security | 3.0.1 | 间接依赖 | nuget |
| USER32.dll | 间接依赖 | ||
| Microsoft.AspNet.WebApi.Core | 5.2.3 | 间接依赖 | nuget |
| Microsoft.Owin.Host.SystemWeb.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| EntityFramework | 6.1.3 | 间接依赖 | nuget |
| HtmlAgilityPack | 1.4.9 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Client.zh-Hans | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.JS | 2.2.0 | 间接依赖 | nuget |
| Modernizr | 2.8.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.HelpPage | 5.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi | 5.2.3 | 间接依赖 | nuget |
| MSVCP120.dll | 间接依赖 | ||
| Antlr | 3.5.0.2 | 间接依赖 | nuget |
| GDI32.dll | 间接依赖 | ||
| KERNEL32.dll | 间接依赖 | ||
| SharpZipLib | 0.86.0 | 间接依赖 | nuget |
| JavaScriptEngineSwitcher.Core | 1.2.4 | 间接依赖 | nuget |
| Microsoft.Owin.Host.SystemWeb | 3.0.1 | 间接依赖 | nuget |
| v8-x64.dll | 间接依赖 | ||
| WebGrease | 1.6.0 | 间接依赖 | nuget |
| comdlg32.dll | 间接依赖 | ||
| Microsoft.AspNet.SignalR.zh-Hans | 2.2.0 | 间接依赖 | nuget |
| urlmon.dll | 间接依赖 | ||
| Quartz | 2.3.2 | 间接依赖 | nuget |
| Microsoft.Owin | 3.0.1 | 间接依赖 | nuget |
| COMCTL32.dll | 间接依赖 | ||
| jQuery | 2.1.4 | 间接依赖 | nuget |
| Microsoft.AspNet.Web.Optimization.zh-Hans | 1.1.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.WebHost.zh-Hans | 5.2.3 | 间接依赖 | nuget |
| Microsoft.Web.Infrastructure | 1.0.0.0 | 间接依赖 | nuget |
| JavaScriptEngineSwitcher.ConfigurationIntelliSense | 1.2.9 | 间接依赖 | nuget |
| Common.Logging | 3.0.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Web.Optimization | 1.1.3 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.WebHost | 5.2.3 | 间接依赖 | nuget |
| ole32.dll | 间接依赖 | ||
| Microsoft.AspNet.SignalR.Core | 2.2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.Mvc.zh-Hans | 5.2.3 | 间接依赖 | nuget |
| gdiplus.dll | 间接依赖 | ||
| ClearScript.V8 | 5.4.3 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Core.zh-Hans | 2.2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.Client | 2.2.0 | 间接依赖 | nuget |
| WINMM.dll | 间接依赖 | ||
| VERSION.dll | 间接依赖 | ||
| Newtonsoft.Json | 7.0.1 | 间接依赖 | nuget |
| Microsoft.AspNet.Razor | 3.2.3 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.SystemWeb.zh-Hans | 2.2.0 | 间接依赖 | nuget |
| DotNetZip | 1.9.6 | 间接依赖 | nuget |
| v8-ia32.dll | 间接依赖 | ||
| ADVAPI32.dll | 间接依赖 | ||
| JavaScriptEngineSwitcher.V8 | 1.3.0 | 间接依赖 | nuget |
| Lucene.Net.Analysis.PanGu | 2.4.1 | 间接依赖 | nuget |
| Microsoft.AspNet.SignalR.SystemWeb | 2.2.0 | 间接依赖 | nuget |
| Microsoft.AspNet.WebApi.Client | 5.2.3 | 间接依赖 | nuget |
| EntityFramework.zh-Hans | 6.1.3 | 间接依赖 | nuget |
| Microsoft.Owin.zh-Hans | 3.0.1 | 间接依赖 | nuget |
| mscoree.dll | 间接依赖 | ||
| Microsoft.AspNet.WebPages | 3.2.3 | 间接依赖 | nuget |
| Lucene.Net | 3.0.3 | 间接依赖 | nuget |
| PSAPI.DLL | 间接依赖 |