Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Unica Affinium Campaign 多个跨站脚本攻击漏洞
Vulnerability Description
Unica Affinium Campaign中存在多个跨站脚本攻击漏洞。远程攻击者可以借助以下方式注入任意的web脚本或HTML:(1)url中的一个Javascript事件,(2)PageName和(3)对Campaign/Campaign的CustomBookMarkLink操作中的主题参数;(4)对Campaign/updateOfferTemplateSubmit.do (又称板块网页)的displayIcon参数中的一个Javascript事件;(5)对Campaign/CampaignLis
CVSS Information
N/A
Vulnerability Type
N/A