Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SunShop Shopping Cart跨站脚本执行漏洞
Vulnerability Description
SunShop是一款商业WEB电子购物程序,使用PHP脚本实现并可以运行在Unix和Linux操作系统下,也可以运行在Microsoft Windows操作系统下。 SunShop对用户输入没有进行正确的检查,可导致攻击者插入任意脚本进行跨站脚本执行攻击。 当远程攻击者注册一个新用户时,由于程序对名字字段内容没有进行充分的检查,可导致攻击者在此字段中插入任意Javascript代码,当管理员查看客户列表的时候,脚本代码在管理员WEB浏览器上执行,可导致管理员基于Cookie认证的信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A