source: http://www.securityfocus.com/bid/9112/info
A number of cross-site scripting vulnerabilities have been reported for Macromedia Jrun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user.
Successful exploitation of this issue could potentially allow an attacker to steal an administrators authentication credentials, likely leading to further malicious actions taking places.
http://www.example.com:8000/server/<your server>/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d<script code>
http://www.example.com:8000/clusterframe.jsp?cluster=<script code>
![图片[1]-Macromedia JRun 4.0 build 61650 – Administrative Interface Multiple Cross-Site Scripting Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png)
CVE编号
![图片[2]-Macromedia JRun 4.0 build 61650 – Administrative Interface Multiple Cross-Site Scripting Vulnerabilities-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png)
CNNVD-ID
恐龙抗狼扛9月前0
kankan啊啊啊啊3年前0
66666666666666