Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Filter field to statsrequestypereport.asp; and the (6) sys_request_id parameter to requestattach.asp; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) Asset, (8) Location, and (9) Problem fields to editrequestenduser.asp; the (10) Asset, (11) Asset Location, (12) Problem Desc, and (13) Solution Desc fields to editrequestuser.asp; and the (14) End User and (15) Description fields to usersearchrequests.asp. NOTE: vectors 5 and 6 do not require authentication to exploit.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Layton HelpBox 跨站脚本漏洞
Vulnerability Description
Layton Helpbox是一套基于Web的桌面帮助系统。 Layton HelpBox 3.7.1版本中存在跨站脚本漏洞,该漏洞源于writeenduserenduser.asp文件没有充分过滤‘Forename’、‘Surname’、‘Telephone’和‘Fax’字段;statsrequestypereport.asp文件没有充分过滤‘Filter’字段;requestattach.asp文件没有充分过滤‘sys_request_id’字段;editrequestenduser.asp文件没有充
CVSS Information
N/A
Vulnerability Type
N/A