Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Battelle V2I Hub 跨站脚本漏洞
Vulnerability Description
Battelle V2I Hub是美国Battelle Memorial Institute公司的一套车辆、道路信息互联管理系统。该系统支持基础设施信息与车辆信息进行有效通信。 Battelle V2I Hub 2.5.1版本中存在跨站脚本漏洞,该漏洞源于api/SystemConfigActions.php?action=add和index.php脚本错误的验证了用户提交的输入。远程攻击者可借助URL中的‘parameterName’或‘_login_username’参数利用该漏洞窃取用户基于cook
CVSS Information
N/A
Vulnerability Type
N/A