Endian Firewall /cgi-bin/salearn.cgi remark user ham spam Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter to /cgi-bin/salearn.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Endian Firewall 跨站脚本漏洞

Endian Firewall是Endian公司的一款网络安全防火墙系统。 Endian Firewall 3.3.25及之前版本存在跨站脚本漏洞，该漏洞源于对/cgi-bin/salearn.cgi中remark user ham spam参数输入清理不当，可能导致经过身份验证的攻击者注入并执行任意JavaScript代码。

N/A

N/A