https://www.exploit-db.com/exploits/22810

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/7981/info

Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

http://www.example.com/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code>