Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message parameter to (6) forum.php, (7) discussion.php, (8) guestbook.php, (9) blog.php, (10) news.php, (11) srv_updates.php, (12) srv_backups.php, (13) srv_twist_prevention.php, (14) srv_tags.php, (15) srv_tags_reindex.php, (16) google_sitemap.php, (17) sitemap_history.php, (18) srv_options.php, (19) locales.php and (20) plugins_wizard.php in _admin/; a crafted IMG BBcode tag in the message body of a (21) forum, (22) guestbook, or (23) comment; (24) the content of an avatar file, which is not properly handled by Internet Explorer; and (25) the loginname parameter (aka username) in _admin/index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Amiro.CMS跨站脚本攻击漏洞
Vulnerability Description
Amiro.CMS是一款优秀的网站开发和内容管理系统。 Amiro.CMS存在多个跨站脚本攻击漏洞。远程攻击者可以借助对(1)/news,(2)/comment,(3)/forum,(4)/blog,和(5)/tags的status_message参数;对(6)forum.php,(7)discussion.php,(8)guestbook.php,(9)blog.php,(10)news.php,(11)srv_updates.php, (12) srv_backups.php,(13)srv_twis
CVSS Information
N/A
Vulnerability Type
N/A