漏洞标题
N/A
漏洞描述信息
"在开放业务管理(OBM)1.0.3pl1中的多个跨站点脚本(XSS)漏洞允许远程攻击者通过(1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore,和(7) tf_dateafter参数向文件(如)(a) publications/publication_index.php,(b) groups/group_index.php,(c) users/user_index.php,(d) lists/list_index.php,和(e) companies/company_index.php)注入任意的HTML或Web脚本。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Open Business Management 多个跨站脚本攻击漏洞
漏洞描述信息
Open Business Management (OBM) 1.0.3 pl1存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可通过传给诸如(a)publication/publication_index.php,(b)group/group_index.php,(c)user/user_index.php,(d)list/list_index.php和(e)company/company_index.php等文件的(1) tf_lang,(2)tf_name,(3)tf_user,(4)tf_lastn
CVSS信息
N/A
漏洞类别
跨站脚本