Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CPG Dragonfly CMS多个跨站脚本攻击漏洞
Vulnerability Description
在Dragonfly CMS 9.0.6.1之前版本中存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可以通过以下途径,注入任意脚本或HTML:(1) uname,(2)错误,(3)简介或(4)用于(a) Your_Account模块的用户名文件参数,(5) catid, (6) sid, (7)故事文本或(8)在(b) 消息模块中的扩展文本text字段,(9) 月份,(10) 年份或(11)用于(c) Stories_Archive模块中的sa参数,(12)显示,(13) cid, (14) ratety
CVSS Information
N/A
Vulnerability Type
N/A