Nokia Electronic Documentation (NED)跨站脚本漏洞

Nokia Electronic Documentation (NED)跨站脚本漏洞

漏洞ID 1107483 漏洞类型 跨站脚本
发布时间 2003-09-15 更新时间 2003-10-06
图片[1]-Nokia Electronic Documentation (NED)跨站脚本漏洞-安全小百科CVE编号 CVE-2003-0801
图片[2]-Nokia Electronic Documentation (NED)跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200310-022
漏洞平台 Windows CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23149
https://www.securityfocus.com/bid/82740
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-022
|漏洞详情
NokiaElectronicDocumentation(NED)5.0版本存在跨站脚本(XSS)漏洞。远程攻击者借助包含脚本的docs/directory的URL执行任意web脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/8626/info

Nokia Electronic Documentation (NED) has been reported prone to a cross-site scripting vulnerability. The issue has been conjectured to present itself due to a lack of sufficient sanitization performed on user supplied data.

A remote attacker may exploit this issue by enticing a target user to follow a malicious link to the affected Nokia Electronic Documentation site, which contains embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.

It should be noted that although this vulnerability has been reported to affect Nokia Electronic Documentation version 5.0, previous versions might also be affected.


http://www.example.com/docs/<script>alert('@stake');</script>
|受影响的产品
Nokia Electronic Documentation 5.0
|参考资料

来源:ATSTAKE
名称:A091503-1
链接:http://www.atstake.com/research/advisories/2003/a091503-1.txt

相关推荐: Slackware Linux 3.1/3.2 – ‘color_xterm’ Local Buffer Overflow (2)

Slackware Linux 3.1/3.2 – ‘color_xterm’ Local Buffer Overflow (2) 漏洞ID 1053349 漏洞类型 发布时间 1997-05-27 更新时间 1997-05-27 CVE编号 N/A CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享