漏洞标题
N/A
漏洞描述信息
V3 Chat中的多个跨站脚本(XSS)漏洞允许远程攻击者通过精心构造的HTML标签注入任意的Web脚本或HTML,如IMG标签所示,在(a)mail/index.php和(b)mail/reply.php中的id参数;在(c)members/is_online.php中的login_id参数;在(d)messnger/online.php、(e)messnger/search.php和(f)messnger/profile.php中的site_id参数;在(g)messnger/profileview.php中的contact_name参数;在(h)messnger/expire.php中的cust_name参数。
注意: vendor 否认涉及messnger目录中的文件的 vectors,表示..."所引用的文件夹'messnger' 从未对公众提供..."。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
V3 Chat Instant Messenger多个跨站脚本攻击漏洞
漏洞描述信息
V3 Chat中存在多个跨站脚本攻击(XSS) 漏洞。远程攻击者可以借助特制的HTML标签,注入任意web脚本或HTML。 比如(1)(a) mail/index.php和(b) mail/reply.php中的id参数; (2)(c) members/is_online.php中的login_id参数; (3) (d) messenger/online.php, (e) messenger/search.php,和(f) messenger/profile.php中的site_id参数; (4)mess
CVSS信息
N/A
漏洞类别
跨站脚本