Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins. This attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the "Default" User can be changed.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Image Access Scan2Net 安全漏洞

Image Access Scan2Net是德国Image Access公司的一款扫描软件。 Image Access Scan2Net 7.40及之前版本、7.42及之前版本和7.42B之前版本存在安全漏洞，该漏洞源于输入清理不当，攻击者可以执行跨站脚本攻击，并在其他用户的浏览器中运行任意Javascript。

N/A

N/A