Simple Machine SMF Shoutbox模块'sboxDB.php' 跨站脚本攻击漏洞

漏洞信息详情

Simple Machines Forum (SMF) Shoutbox的sboxDB.php存在跨站脚本攻击漏洞。远程攻击者可以借助提交到shoutbox对话框的以\"＆＃\"开头，包含想要的脚本，以\"；\"结尾的字符串注入任意的web脚本或HTML。

来源: BID

名称: 27727

链接:http://www.securityfocus.com/bid/27727

来源: BUGTRAQ

名称: 20080422 Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

链接:http://www.securityfocus.com/archive/1/archive/1/491357/100/0/threaded

来源: BUGTRAQ

名称: 20080321 Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

链接:http://www.securityfocus.com/archive/1/archive/1/489964/100/0/threaded

来源: BUGTRAQ

名称: 20080210 Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

链接:http://www.securityfocus.com/archive/1/archive/1/487912/100/0/threaded

来源: SREASON

名称: 3651

链接:http://securityreason.com/securityalert/3651

来源: SECUNIA

名称: 28900

链接:http://secunia.com/advisories/28900

暂无