Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jahia xCM 跨脚本漏洞
Vulnerability Description
Jahia xCM是瑞士Jahia公司的一套WCM(网站内容管理)系统。该系统提供了门户网站和文档管理功能。 Jahia xCM 6.6.1.0 r43343及之前的版本中存在跨站脚本漏洞,该漏洞源于(1)engines/manager.jsp脚本没有正确过滤‘site’参数,(2)当执行‘do=users’和‘sub=search’操作时,administration/URI没有正确过滤‘searchString’操作,(3)当执行‘do=users’和‘sub=processCreate’操作时,ad
CVSS Information
N/A
Vulnerability Type
N/A