Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Beehive Forum 跨站脚本漏洞
Vulnerability Description
Beehive Forum是一套基于PHP和MySQL的Web论坛软件。该软件提供文字过滤、用户权限管理和电子邮件通知等功能。 Beehive Forum 1.4.4版本的edit_prefs.php脚本中存在跨站脚本漏洞,该漏洞源于程序没有正确处理错误消息中的‘homepage_url’、‘pic_url’和‘avatar_url’参数。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A