漏洞信息详情
SSGBook图像标签HTML注入漏洞
- CNNVD编号:CNNVD-200212-752
- 危害等级: 低危
- CVE编号: CVE-2002-2339
- 漏洞类型: 跨站脚本
- 发布时间: 2002-12-31
- 威胁类型: 远程
- 更新时间: 2002-12-31
- 厂 商: script_shed
- 漏洞来源:
.');">Discovery of this ...
漏洞简介
Script-Shed GuestBook 1.0 版本中的configure.asp存在跨站脚本(XSS)漏洞。远程攻击者可以通过(1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left 标签中的Javascript: URL注入任意web脚本或HTML。
漏洞公告
It has been reported that the vendor has addressed this issue. An upgrade is linked below: Script-Shed SSGbook 1.0
- Script-Shed Script-Shed Guestbook http://www.script-shed.com/download.cfm?ID=3
参考网址
来源: BID 名称: 5915 链接:http://www.securityfocus.com/bid/5915 来源: XF 名称: ss-guestbook-img-xss(10331) 链接:http://www.iss.net/security_center/static/10331.php 来源: BUGTRAQ 名称: 20021008 SSGbook (ASP) 链接:http://online.securityfocus.com/archive/1/294299 来源: BUGTRAQ 名称: 20031001 Re: SSGbook (ASP) 链接:http://archives.neohapsis.com/archives/bugtraq/2003-10/0009.HTML
受影响实体
- Script_shed Ssgbook:1.0
- Script_shed Ssgbook:1.0
补丁
暂无
评论