Jupiter CMS 多个跨站脚本攻击漏洞

漏洞信息详情

Jupiter CMS 多个跨站脚本攻击漏洞

• CNNVD编号：CNNVD-200609-320
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-4874
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2006-09-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-28
  
• 厂        商：
  
  jupiter_cms
• 漏洞来源：
  HACKERS PAL has be…

Jupiter CMS中存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可以通过(a) modules/blocks.php中的(1) language[Admin name]和(2) language[Admin back]参数；(b) modules/register.php中的(3) language[Register title]和(4) language[Register title2]参数；(c) modules/mass-email.php中的(5) language[Mass-Email form title]、(6) language[Mass-Email form desc]、(7) language[Mass-Email form desc2]、(8) language[Mass-Email form desc3]和(9) language[Mass-Email form desc4]参数；(d) modules/register.php中的(10) language[Forgotten title]、(11) language[Forgotten desc]、(12) language[Forgotten desc2]、(13) language[Forgotten desc3]、(14) language[Forgotten desc4]和(15) language[Forgotten desc5]参数；以及(e) modules/search.php中的(16) language[Search view desc]、(17) language[Search view desc2]、(18) language[Search view desc3]、(19) language[Search view desc4]、(20) language[Search view desc5]、(21) language[Search view desc6]、(22) language[Search view desc7]和(23) language[Search view desc8]参数注入任意Web脚本或HTML。

来源: BID

名称: 20048

链接:http://www.securityfocus.com/bid/20048

来源: BUGTRAQ

名称: 20060915 Jupiter CMS Multiple injections

链接:http://www.securityfocus.com/archive/1/archive/1/446064/100/0/threaded

来源: SREASON

名称: 1608

链接:http://securityreason.com/securityalert/1608