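Vulnerability Details
Slashcode Slash user field parameter cross-site scripting vulnerability
- CNNVD ID: CNNVD-200806-096
- Severity: Medium
- CVE ID:
CVE-2008-2553
- Vulnerability type:
Cross-site scripting
- Published:
2008-06-05
- Threat type:
Remote
- Updated:
2009-02-10
- Vendor:
slashcode.com
- Vulnerability source:
blackybr discovere…
Vulnerability Summary
Slashdot Like Automated Storytelling Homepage (Slash) (also known as Slashcode) R_2_5_0_94 and earlier versions contain a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via the user field parameter.
Vulnerability Advisory
The vendor has released an upgrade patch to fix this security issue. Patch download links: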
Debian Linux 4.0 amd64
Debian slash_2.2.6-8etch1_amd64.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_amd64.deb
Debian Linux 4.0 ia-32
Debian slash_2.2.6-8etch1_i386.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_i386.deb
Debian Linux 4.0 arm
Debian slash_2.2.6-8etch1_arm.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_arm.deb
Debian Linux 4.0 hppa
Debian slash_2.2.6-8etch1_hppa.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_hppa.deb
Debian Linux 4.0 sparc
Debian slash_2.2.6-8etch1_sparc.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_sparc.deb
Debian Linux 4.0 s/390
Debian slash_2.2.6-8etch1_s390.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_s390.deb
Debian Linux 4.0 powerpc
Debian slash_2.2.6-8etch1_powerpc.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_powerpc.deb
Debian Linux 4.0 alpha
Debian slash_2.2.6-8etch1_alpha.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_alpha.deb
Debian Linux 4.0 mipsel
Debian slash_2.2.6-8etch1_mipsel.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mipsel.deb
Debian Linux 4.0 ia-64
Debian slash_2.2.6-8etch1_ia64.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_ia64.deb
Debian Linux 4.0 mips
Debian slash_2.2.6-8etch1_mips.deb
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mips.deb
Slashcode Slashcode 1.0.8
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.0
Slashcode Environment.pm Revision 1.225
Slashcode 2.1
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.1.1
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.1
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.2
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.3
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.4
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.5
Slashcode Environment.pm Revision 1.225
Slashcode Slashcode 2.2.6
Slashcode Environment.pm Revision 1.225
References
Source: XF
Name: slash-userfield-xss(42882)
Link: http://xforce.iss.net/xforce/xfdb/42882
Source: www.slashcode.com
Link: http://www.slashcode.com/article.pl?sid=08/01/07/2314232
Source: www.slashcode.com
Link: http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4
Source: SECTRACK
Name: 1020207
Link: http://www.securitytracker.com/id?1020207
Source: BID
Name: 29548
Link: http://www.securityfocus.com/bid/29548
Source: DEBIAN
Name: DSA-1633
Link: http://www.debian.org/security/2008/dsa-1633
Source: slashcode.cvs.sourceforge.net
Source: SECUNIA
Name: 31691
Link: http://secunia.com/advisories/31691
Source: SECUNIA
Name: 30551