Escapade Scripting Engine (ESP) Cross-Site Scripting (XSS) Vulnerability

Vulnerability ID: 1107479
Vulnerability type: Cross-site scripting
Published: 2003-09-09
Updated: 2003-09-17
CVE ID: CVE-2003-0763
CNNVD-ID: CNNVD-200309-010
Platform: CGI
CVSS score: 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/23127
https://www.securityfocus.com/bid/82713
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200309-010
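|Vulnerability details
The Escapade Scripting Engine (ESP) has a cross-site scripting (XSS) vulnerability. Remote attackers can inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
|Exploit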
source: http://www.securityfocus.com/bid/8573/info

A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values.

An attacker could exploit this issue to execute arbitrary HTML code in the browser of a remote user who follows a malicious link. Code execution would occur in the context of the vulnerable site. It has also been reported that this issue may be exploited to disclose the installation path of the affected software. 

http://www.example.com/cgi-bin/esp?PAGE=<script>alert(document.domain)</script>
|Affected products
Squished Mosquito Escapade 0
|References

Source: BUGTRAQ
Name: 20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106312344631197&w=2
