Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivot多个跨站脚本攻击 (XSS) 漏洞
Vulnerability Description
Pivot 1.30 RC2及之前版本存在多个跨站脚本攻击 (XSS) 漏洞。 当register_globals启用时,远程攻击者可以借助(a) includes/blogroll.php中的 (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3,以及(8) c4参数; includes/editor/edit_menu.php中的(9) name和(10) js_name 参数;即使在register_globals未启用时的(c)
CVSS Information
N/A
Vulnerability Type
N/A