漏洞标题
N/A
漏洞描述信息
在PBL guestbook 1.32和更早版本中,pblguestbook.php 中的跨站脚本(XSS)漏洞允许远程攻击者通过(1)名称,(2)消息(也称为评论),(3)网站和(4)电子邮件参数注入任意的网页脚本或HTML,这绕过了检查脚本标签的XSS保护机制,但其他机制则无法检测到,如鼠标悬停属性中的JavaScript URI和iframe标签中的src属性。请注意:一些传播路径可能重叠CVE-2006-2975,尽管使用其他操作使情况更加不确定。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Pixelated By Lev (PBL) Guestbook 跨站脚本攻击(XSS) 漏洞
漏洞描述信息
Pixelated By Lev (PBL) Guestbook 1.32及之前版本中的 pblguestbook.php存在跨站脚本攻击(XSS) 漏洞。远程攻击者可以借助(1) name, (2) message (又称comments), (3) website, 以及 (4) email参数,绕过检查 SCRIPT标签而非其它标签的XSS保护机制,从而注入任意Web脚本或HTML ,比如iframe标签中的onMouseOver 属性和src属性中的javascript URI 。
CVSS信息
N/A
漏洞类别
跨站脚本