Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ActiveWeb Contentserver CMS Client Side 过滤绕过漏洞
Vulnerability Description
activeWeb contentserver CMS 5.6.2964版本之前的版本的WYSIWYG editor applet只会过滤掉发送至admin/applets/wysiwyg/rendereditor.asp的恶意标签,这会允许远程验证用户可以借助对admin/worklist/worklist_edit.asp提交的直接请求,注入任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A