Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OneOrZero 'common.php' 跨站脚本攻击漏洞
Vulnerability Description
OneOrZero Helpdesk的common.php的stripScripts函数中存在不完整黑名单漏洞,远程攻击者执行跨站脚本攻击并注入任意web脚本或HTML可以借助没有对(1) tcreate.php或(2) tupdate.php的描述参数的SCRIPT标签的XSS序列,如运行一个b标签事件。
CVSS Information
N/A
Vulnerability Type
N/A