Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPX多个跨站脚本攻击(XSS)漏洞
Vulnerability Description
PHPX 3.0到3.2.6版本的functions.inc.php中的checkURI函数存在规范化前认证漏洞。远程攻击者可以借助十六进制编码标签导致跨站脚本攻击(XSS),该漏洞绕过对文字字符“<”,“>”,“(”和“)”的检查,正如使用到forums.php的limit参数以及其他多种向量。
CVSS Information
N/A
Vulnerability Type
N/A