漏洞标题
N/A
漏洞描述信息
E-Business Designer (eBD) 3.1.4 及以上版本允许远程攻击者上传或修改任意文件,并执行任意代码,通过直接请求(1)common/html_editor/image_browser.upload.html,(2)common/html_editor/image_browser.html,或(3)common/html_editor/html_editor.html。注意:也可以通过上传级联样式表(.CSS)文件来进行跨站脚本攻击(XSS)。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
E-Business Designer 多个输入验证漏洞
漏洞描述信息
E-Business Designer (eBD) 3.1.4及之前版本可以使远程攻击者借助对(1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, 或(3) common/html_editor/html_editor.html的直接请求,上传或修改任意文件。 注意: 通过上传层叠式样式表(.CSS) 文件,此漏洞也可用于跨站脚本攻击(XSS)。
CVSS信息
N/A
漏洞类别
跨站脚本