XPath注入 on 办公AI智能小助手 https://blog.qife122.com/tags/xpath%E6%B3%A8%E5%85%A5/ Recent content in XPath注入 on 办公AI智能小助手 Hugo zh-cn qife Sat, 06 Dec 2025 16:11:37 +0800 WatchGuard Firebox XPath 注入漏洞解析与应对方案 https://blog.qife122.com/p/watchguard-firebox-xpath-%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E8%A7%A3%E6%9E%90%E4%B8%8E%E5%BA%94%E5%AF%B9%E6%96%B9%E6%A1%88/ Sat, 06 Dec 2025 16:11:37 +0800 https://blog.qife122.com/p/watchguard-firebox-xpath-%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E8%A7%A3%E6%9E%90%E4%B8%8E%E5%BA%94%E5%AF%B9%E6%96%B9%E6%A1%88/ <h3 id="cve-2025-1545---watchguard-firebox-web-cgi-中的-xpath-注入漏洞"><strong>CVE-2025-1545 - WatchGuard Firebox Web CGI 中的 XPath 注入漏洞</strong></h3> <h4 id="概述"><strong>概述</strong></h4> <p>CVE-2025-1545 是 WatchGuard Fireware OS 中存在的一个 XPath 注入漏洞。此漏洞可能允许远程未经验证的攻击者,通过暴露的认证或管理 Web 界面,从 Firebox 配置中检索敏感信息。</p> XPath注入漏洞技术分析与验证 https://blog.qife122.com/p/xpath%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90%E4%B8%8E%E9%AA%8C%E8%AF%81/ Wed, 12 Nov 2025 04:42:50 +0800 https://blog.qife122.com/p/xpath%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E6%8A%80%E6%9C%AF%E5%88%86%E6%9E%90%E4%B8%8E%E9%AA%8C%E8%AF%81/ <h1 id="techknock-digital-services---xpath注入漏洞">TechKnock Digital Services - XPath注入漏洞</h1> <p><strong>风险等级:</strong> 低<br> <strong>本地利用:</strong> 否<br> <strong>远程利用:</strong> 是<br> <strong>CVE:</strong> 暂无<br> <strong>CWE:</strong> 暂无<br> <strong>搜索语法:</strong> &ldquo;Developed By TechKnock Digital Services.&rdquo;</p> <hr> <h2 id="漏洞信息">漏洞信息</h2> <p><strong>漏洞标题:</strong> TechKnock Digital Services - XPath注入漏洞<br> <strong>日期:</strong> 2025-05-21<br> <strong>漏洞作者:</strong> Behrouz Mansoori<br> <strong>Google搜索语法:</strong> &ldquo;Developed By TechKnock Digital Services.&rdquo;<br> <strong>分类:</strong> Web应用程序<br> <strong>测试环境:</strong> Mac, Firefox</p> Hugging Face Smolagents XPath注入漏洞分析 https://blog.qife122.com/p/hugging-face-smolagents-xpath%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Sat, 01 Nov 2025 21:15:28 +0800 https://blog.qife122.com/p/hugging-face-smolagents-xpath%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="hugging-face-smolagents-xpath注入漏洞分析">Hugging Face Smolagents XPath注入漏洞分析</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>Hugging Face Smolagents 1.20.0版本中的<code>search_item_ctrl_f</code>函数存在XPath注入漏洞。该函数位于<code>src/smolagents/vision_web_browser.py</code>文件中。</p>