Vulnerability Details
Movable Type Comment Form HTML Code Injection Vulnerability
- CNNVD ID: CNNVD-200306-088
- Severity: Medium
- CVE ID: CVE-2003-0287
- Vulnerability type: Cross-site scripting
- Published: 2003-06-16
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: six_apart
- Vulnerability source: Discovery of this …
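Vulnerability Summary
Movable Type versions before 2.6, and possibly other versions including 2.63, contain a cross-site scripting (XSS) vulnerability. Remote attackers can insert arbitrary web script or HTML via the Name text field, possibly when the "Allow HTML in comments?" option is enabled.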
Vulnerability Advisory
The vendor has reported that this issue has been addressed in the current version of Movable Type; users are advised to upgrade as soon as possible.
Movable Type Movable Type 2.0
-
Movable Type Movable Type Version 2.63
http://www.movabletype.org/download.shtml
References
Source: BUGTRAQ
Name: 20030512 Re: CSS found in Movable Type
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105277690132079&w=2
Source: BUGTRAQ
Name: 20030512 CSS found in Movable Type
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105276879622636&w=2
Source: BUGTRAQ
Name: 20030513 Re: CSS found in Movable Type — Nope
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105284589927655&w=2
Source: XF
Name: movable-type-comment-xss(12003)
Link: http://xforce.iss.net/xforce/xfdb/12003
Source: BID
Name: 7560
Link: http://www.securityfocus.com/bid/7560