Keene Digital Media Server 1.0.2 – Cross-Site Scripting

Keene Digital Media Server 1.0.2 – Cross-Site Scripting

漏洞ID 1054585 漏洞类型
发布时间 2004-09-04 更新时间 2004-09-04
图片[1]-Keene Digital Media Server 1.0.2 – Cross-Site Scripting-安全小百科CVE编号 N/A
图片[2]-Keene Digital Media Server 1.0.2 – Cross-Site Scripting-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24573
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11111/info

Keene Digital Media Server is prone to multiple cross-site scripting vulnerabilities. These issues span multiple scripts. The source of the problem is that affected scripts do not sufficiently sanitize externally supplied data before rendering it to a client user. An attacker may exploit these issues by enticing a victim user to follow a malicious link.

These issues could be exploited to steal cookie-based authentication credentials or launch other attacks.

http://www.example.com/dms/slideshow.kspx?shidx=0&idx=-1&sort=d&style=t&delay=15&playmode=play&source=[code]
http://www.example.com/dms/slideshow.kspx?source=[code]
http://www.example.com/dms/dlasx.kspx?shidx=[code]
http://www.example.com/igen/?pg=dlasx.kspx&shidx=[code]
http://www.example.com/dms/mediashowplay.kspx?pic=[code]&idx=0
http://www.example.com/dms/mediashowplay.kspx?pic=0&idx=[code]

相关推荐: Monkey HTTP Daemon Excessive POST Data Buffer Overflow Vulnerability

Monkey HTTP Daemon Excessive POST Data Buffer Overflow Vulnerability 漏洞ID 1076228 漏洞类型 Boundary Condition Error 发布时间 2003-03-24 更新…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享