Multiple Bluemoon inc. Modules for XOOPS 跨站脚本攻击漏洞

漏洞信息详情

Multiple Bluemoon inc. Modules for XOOPS 跨站脚本攻击漏洞

• CNNVD编号：CNNVD-200804-452
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2008-2035
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2008-04-30
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2008-09-05
  
• 厂        商：
  
  bluemoon
• 漏洞来源：
  These issues were …

Bluemoon存在跨站脚本漏洞在(1) BackPack 0.91 及其早期版本, (2) BmSurvey 0.84 及其早期版本, (3) newbb_fileup 1.83 及其早期版本, (4) News_embed (news_fileup) 1.44 及其早期版本, 以及 (5) XOOPS 2.0.x, XOOPS Cube 2.1, 和 ImpressCMS PopnupBlog 3.19 及其早期版本的Bluemoon, Inc中存在的跨站脚本攻击漏洞会允许远程攻击者通过未明向量来注入任意web脚本或HTML。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Bluemoon inc. BmSurvey 0.84

Bluemoon inc. BmSurvey 0.85

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=20

Bluemoon inc. PopnupBLOG 2.52

Bluemoon inc. PopnupBlog 3.20

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=35

Bluemoon inc. BackPack 0.91

Bluemoon inc. BackPack 0.93

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=36

Bluemoon inc. PopnupBLOG 3.07

Bluemoon inc. PopnupBlog 3.20

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=35

Bluemoon inc. News_embed 1.44

Bluemoon inc. news144embed 1.45

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=47

Bluemoon inc. newbb_fileup 1.83

Bluemoon inc. newbb_fileup 1.84

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=6

Bluemoon inc. PopnupBLOG 3.19

Bluemoon inc. PopnupBlog 3.20

http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=35

来源: XF

名称: bluemoon-unspecified-xss(42072)

链接:http://xforce.iss.net/xforce/xfdb/42072

来源: BID

名称: 28966

链接:http://www.securityfocus.com/bid/28966

来源: www.bluemooninc.biz

链接:http://www.bluemooninc.biz/~xoops/modules/news/article.php?storyid=69

来源: SECUNIA

名称: 29993

链接:http://secunia.com/advisories/29993

来源: JVN

名称: JVN#31351020

链接:http://jvn.jp/jp/JVN%2331351020/index.html