Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a check array parameter in a delete action to pivot/index.php, (5) the edituser parameter in an edituser action to pivot/index.php, (6) the edit parameter in a templates action to pivot/index.php, (7) the blog parameter in a blog_edit1 action to pivot/index.php, (8) the cat parameter in a cat_edit action to pivot/index.php, (9) a certain form field in a doaction=1 request to pivot/index.php, (10) the url field in a my_weblog edit_prefs action to pivot/user.php, or (11) the username (aka name) field in a my_weblog reg_user action to pivot/user.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivot 多个跨站脚本攻击漏洞和HTML注入漏洞
Vulnerability Description
Pivot中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)菜单或(2)对pivot/index.php的sort参数,(3)对pivot/index.php的一个删除操作中的检测排列参数值,(4)对pivot/index.php的一个删除操作的一个检测排列参数的元件名,(5)对pivot/index.php的一个edituser操作中的edituser参数,(6)对pivot/index.php的一个模块操作中的编辑参数,(7)对pivot/index.php的一个blog_edit1操作中的blog
CVSS Information
N/A
Vulnerability Type
N/A