N/A

Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.

N/A

N/A

Stoneware webNetwork 多个跨站脚本漏洞

Stoneware webNetwork是一款企业私有云解决方案。 Stoneware webNetwork SP1之前的6.1版本中存在多个跨站脚本漏洞。通过blogName参数传送到(1)community/blog.jsp或(2)community/blogSearch.jsp脚本；或(3)calendarType或(4)monthNumbe参数传送到community/calendar.jsp脚本；或(5)flag参数传送到swDashboard/ajax/setAppFlag.jsp脚本，远程攻

N/A

N/A