https://www.exploit-db.com/exploits/25740
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1224

JawsGlossarygadget0.4至0.5.1中存在跨站脚本攻击(XSS)漏洞，远程攻击者可以通过在一个视图内的term参数或者对index.php的ViewTerm操作来注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13796/info

JAWS is prone to a cross-site scripting vulnerability.

This issue is due to a failure in the application to properly sanitize user-supplied input to the 'Glossary' module.

This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

JAWS versions 0.4 and 0.5 and subsequent are reportedly vulnerable. 

http://www.example.com/index.php?gadget=Glossary&action=ViewTerm&term=<script src=some script</script>

来源:FULLDISC
名称:20050529XSSBuginJawsGlossaryAction:ViewTerm(v0.4-0.5.1(latestversion))
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html
来源:BID
名称:13796
链接:http://www.securityfocus.com/bid/13796