Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CPAINT TYPE.PHP跨站脚本攻击漏洞
Vulnerability Description
CPAINT library 2.0.3之前版本的cpaint2.inc.php中存在跨站脚本攻击(XSS)漏洞,在多个脚本中使用时,远程攻击者可以借助显示在结果出错信息中的cpaint_response_type参数注入任意web脚本或HTML,如使用十六进制编码的IFRAME变量演示的那样。
CVSS Information
N/A
Vulnerability Type
N/A