N/A

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

N/A

N/A

Subrion CMS 多个跨站脚步漏洞

Subrion CMS是Subrion团队开发的一套基于PHP的内容管理系统（CMS）。该系统可被集成到网站，并支持多种扩展插件等。 Subrion CMS 2.2.3之前版本中存在多个跨站脚本(XSS)漏洞。远程攻击者可利用这些漏洞通过id参数传送到(1)admin/accounts/、(2)admin/manage/或(3)admin/manage/blocks/edit/，或(4)group参数传送到admin/configuration/，注入任意web脚本或HTML。.

N/A

N/A