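Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the do=write (aka Send Mail Message) action in gamemail.php; the do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in the do=new (aka Create Thread) action in general.php.
CVSS Information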
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.
CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Dragons Kingdom Script Multiple Cross-Site Scripting (XSS) Vulnerabilities
Vulnerability Description
DKScript.com Dragon's Kingdom Script 1.0 contains multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can leverage the (1) Subject and (2) Message fields in the do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messeng
CVSS Information
N/A
Vulnerability Category
Cross-site scripting