Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hostflow New_Ticket.CGI 跨站脚本攻击漏洞
Vulnerability Description
Hostflow 2.2.1-15中的new_ticket.cgi,远程攻击者通过指向URL(此URL可捕获引用站点的URL)的desc参数("凭单描述"字段)中的IMG标记,窃取和回放认证凭证,这可能是跨站脚本攻击(XSS)漏洞或引用站点URL中的凭证泄漏引起的。
CVSS Information
N/A
Vulnerability Type
N/A