N/A

Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.

N/A

N/A

miniCWB 跨站脚本漏洞

miniCWB是一款小型的开源内容管理系统。 miniCWB 存在跨站脚本漏洞，该漏洞源于没有正确过滤对/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php所传送的URL便返回给了用户，这允许远程攻击者通过跨站脚本攻击在用户浏览器会话中执行任意代码。

N/A

N/A