Nothing more to say... off to sleep. This site is not responsible for any consequences.
Silverstripe CMS, <http://silverstripe.org/>, version 2.3.4 and lower (and its unreleased 2.4 branch), is vulnerable to two Cross Site Scripting issues.

1. The comment posting mechanism of Silverstripe ('PostCommentForm') fails to properly sanitize the 'CommenterURL' parameter. This allows for persistent injection of HTML or javascript code within existing HTML tags.

2. The forum module is vulnerable to a reflective XSS issue caused by the search script failing to properly sanitize input to the 'Search' parameter. When invoking this URL:

SILVERSTRIPESITE/forums/search/?Search=%22%20onmouseover=%22javascript:alert%280%29;%22

trying to reorder the search results will trigger execution of the injected javascript code.

// 51gho.com [2010-01-27]
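Added example, not taken from the advisory or from SilverStripe's code: the output handling that both issues call for, shown in plain PHP. The helper names `attr` and `safeCommenterUrl`, the `<input>` markup that reflects the search term, and the sample values are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, not SilverStripe's own code. Helper names are hypothetical.

// Encode a value for placement inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept a commenter-supplied URL only if it is an absolute http(s) URL.
// Returns the URL unchanged, or null when it must not be rendered as a link.
function safeCommenterUrl(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// The decoded 'Search' value from the URL quoted in the advisory.
$search = urldecode('%22%20onmouseover=%22javascript:alert%280%29;%22');

// Before (assumed markup): raw interpolation lets the quote close the attribute.
$vulnerable = '<input name="Search" value="' . $search . '">';
// After: the quote is emitted as &quot; and the value stays inside the attribute.
$hardened = '<input name="Search" value="' . attr($search) . '">';
echo $vulnerable, "\n", $hardened, "\n";

// Constructed CommenterURL values. The scheme check alone is not enough:
// the third value passes it and is only made safe by attribute encoding.
$samples = [
    'http://example.org/',
    'javascript:alert(0)',
    'http://example.org/" onmouseover="alert(0)',
];
foreach ($samples as $raw) {
    $url = safeCommenterUrl($raw);
    echo $url === null
        ? 'rejected: ' . attr($raw) . "\n"
        : '<a href="' . attr($url) . '" rel="nofollow">commenter</a>' . "\n";
}
```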