Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TorrentTrader Classic 多个跨站脚本攻击漏洞
Vulnerability Description
TorrentTrader是用PHP编写的torrent tracker平台 。 TorrentTrader Classic 存在多个跨站脚本攻击漏洞,远程认证用户可以通过多个方法注入任意web脚本和HTML: (1) 脚本requests.php域Title, 与viewrequests.php相关; (2) 脚本torrents-upload.php域Torrent Name, 与torrent上传日志相关; (3) 脚本themes/default/footer.php参数ttversion par
CVSS Information
N/A
Vulnerability Type
N/A