Slashcode Paragraph标签脚本注入漏洞

漏洞信息详情

Slashcode Paragraph标签脚本注入漏洞

• CNNVD编号：CNNVD-200212-358
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1681
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2002-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-12-12
  
• 厂        商：
  
  open_source_development_network
• 漏洞来源：
  Discovery credited…

Slashcode CVS于2002年6月17日到7月1日发布跨站脚本攻击（XSS）漏洞。远程攻击者可以通过向paragraph ＜P＞标签注入脚本作为其他用户执行任意脚本。

Users of versioned releases of SlashCode, including 2.2.5, are not vulnerable to this issue.
This issue only exists in CVS versions of SlashCode from between June 17 and July 1 2002. Users who updated their CVS tree during these times are strongly advised to run cvs update.
Development code from CVS has fixes for the vulnerability as of 02 July 2002. Users of CVS versions of SlashCode are urged to run cvs update and install the most recent code.

来源: XF
名称: slashcode-cvs-xss(9473)
链接:http://xforce.iss.net/xforce/xfdb/9473

来源: BID
名称: 5140
链接:http://www.securityfocus.com/bid/5140