漏洞标题
N/A
漏洞描述信息
"InterWorx 主机控制台(InterWorx-CP)Web管理员级别(SiteWorx)3.0.2(1)存在多个跨站脚本(XSS)漏洞,允许远程攻击者通过PATH_INFO将任意的网页脚本或HTML注入到index.php中;并允许远程登录的用户通过PATH_INFO将任意的网页脚本或HTML注入到(2)siteworx.php,(3)users.php,(4)ftp.php,(5)mysql.php,(6)domains.php,(7)htaccess.php,(8)scriptworx.php,(9)stats.php,(10)backup.php,(11)restore.php和(12)httpd.php;以及未指定的目标到(13)cron.php和(14)prefs.php。"
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
InterWorx-CP SiteWorx and NodeWorx 多个跨站脚本攻击漏洞
漏洞描述信息
InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2版本中存在多个跨站脚本攻击漏洞。(1)远程攻击者可以借助对index.php的PATH_INFO,注入任意web脚本或HTML; 远程验证用户可以借助对(2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8)
CVSS信息
N/A
漏洞类别
跨站脚本