pMachine 1.0/2.x – Search Module Cross-Site Scripting

pMachine 1.0/2.x – Search Module Cross-Site Scripting

漏洞ID 1053976 漏洞类型
发布时间 2003-06-19 更新时间 2003-06-19
图片[1]-pMachine 1.0/2.x – Search Module Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-pMachine 1.0/2.x – Search Module Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22810
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7981/info

Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.

http://www.example.com/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code>

相关推荐: Vim Swap File Race Condition Vulnerability

Vim Swap File Race Condition Vulnerability 漏洞ID 1103328 漏洞类型 Race Condition Error 发布时间 2001-04-10 更新时间 2001-04-10 CVE编号 N/A CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享