Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php, probably involving the Title or textarea field as reachable through admin/pages/new_page.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ripe Website 管理器多个跨站脚本攻击漏洞
Vulnerability Description
Ripe Website Manager 0.8.9版本及其早期版本中存在多个跨站脚本攻击漏洞。远程验证用户可以借助一个或多个一下的向量:(1) 对(a) pages/delete_page.php, (b) navigation/delete_menu.php, 和 (c)admin/中的navigation/delete_item.php的id参数; (2) menu_id, (3) name, (3) page_id, 和(4)(d) admin/navigation/do_new_item.php
CVSS Information
N/A
Vulnerability Type
N/A