漏洞标题
N/A
漏洞描述信息
在亚曼斯和比尔·埃金lin QaTraq 6.5 RC 早期版本中存在多个跨站脚本(XSS)漏洞,允许远程攻击者通过top.inc中(1)link_print、(2)link_upgrade、(3)link_sql、(4)link_next、(5)link_prev和(6)link_list参数被query_view_search.php包含;(a)components_copy_content.php、(b)components_modify_content.php和(c)components_new_content.php中的(7)msg、(8)component_name和(9)component_desc参数;(a)components_copy_content.php、(b)components_modify_content.php和(c)components_new_content.php中的(10)title、(11)version和(12)content参数;设计_copy_content.php、(13)plan_title和(14)plan_content参数;设计_copy_plan_search.php、(15)title、(16)minor_version、(17)new_version和(18)content参数;设计_modify_content.php、(19)title、(20)version和(21)content参数;设计_new_content.php、(22)plan_name和(23)plan_desc参数;设计_new_search.php、(24)file_name参数和(25)username参数;(26)password参数登录.php;(27)title、(28)version和(29)content参数;(28)content参数在phase_copy_content.php中;(29)content参数在phase_delete_search.php中;(30)content参数在phase_modify_content.php中;(31)title、(32)minor_version、(33)new_version和(34)content参数;(35)content、(36)title、(37)version和(38)content参数;(37)content参数在phase_modify_search.php中;(38)content参数在phase_view_search.php中;(39)content参数在phase_view_search.php中;(40)msg、(41)product_name和(42)product_desc参数;(43)product_name和(44)product_desc参数在(d)products_copy_search.php中;可能还有大量的其他参数和可执行文件。请注意:供应商通过电子邮件通知CVE,该问题已在6.8 RC发布中修复。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
ashmans/Bill Echlin QaTraq 多个跨站脚本攻击漏洞
漏洞描述信息
ashmans和Bill Echlin QaTraq 6.5 RC及更早版本中的多个跨站脚本攻击(XSS)漏洞,可让远程攻击者通过以下方式注入任意Web脚本或HTML:queries_view_search.php中包含的top.inc 中的(1) link_print、(2) link_upgrade、(3) link_sql、(4) link_next、(5) link_prev和(6) link_list参数;(a) components_copy_content.php、(b) component
CVSS信息
N/A
漏洞类别
跨站脚本