Inktomi Traffic Server 4.0/5.x – Cross-Site Scripting

Inktomi Traffic Server 4.0/5.x – Cross-Site Scripting

漏洞ID 1053871 漏洞类型
发布时间 2003-05-14 更新时间 2003-05-14
图片[1]-Inktomi Traffic Server 4.0/5.x – Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-Inktomi Traffic Server 4.0/5.x – Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22601
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7596/info

Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. A malicious attacker could exploit this issue by creating a link which contains hostile HTML and script code and then enticing users of the proxy to visit the link. When the link is visited via the proxy, attacker-supplied script may be interpreted in the user's browser.

Exploitation could permit HTML and script code to access properties of the domain that is requested through the proxy.

http://<spoofed_domain>:443/</em><script>alert()</script>

相关推荐: VBZoom Remote SQL Injection Vulnerability

VBZoom Remote SQL Injection Vulnerability 漏洞ID 1101455 漏洞类型 Input Validation Error 发布时间 2002-10-08 更新时间 2002-10-08 CVE编号 N/A CNNVD…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享