Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
One-News 多个跨站脚本攻击漏洞
Vulnerability Description
One-News Beta 2版本存在多个跨站脚本攻击漏洞。远程攻击者可以借助到add.php的新闻条款的标题和内容参数以及到index.php的评论中的条款编号、作者或评论参数,注入任意的web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A