Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QuickerSite 'showThumb.aspx'多个跨站脚本攻击漏洞
Vulnerability Description
QuickerSite 1.8.5版本存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)到showThumb.aspx的close参数;process_send.asp中的可通过default.asp读取的(2)SB_redirect和(3)SB_feedback参数;到picker.asp的(4)paramCode和(5)cColor参数以及到rss.asp的(6)query字符串、(7)Referer头和(8)X-FORWARDED-FOR头,注入任意的web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A