漏洞信息详情

Movable Type Comment Form HTML代码注入漏洞

漏洞简介

Movable Type 2.6以前版本和其他可能包含2.63的版本存在跨站脚本攻击(XSS)漏洞。可能当“允许评论HTML吗?”选项已启用时,远程攻击者可以借助Name文本插入任意web脚本或HTML。

漏洞公告

The vendor has reported that this issue has been addressed in the current version of Movable Type, users are advised to upgrade as soon as possible. Movable Type Movable Type 2.0

参考网址

来源: BUGTRAQ 名称: 20030512 Re: CSS found in Movable Type 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105277690132079&w=2 来源: BUGTRAQ 名称: 20030512 CSS found in Movable Type 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105276879622636&w=2 来源: BUGTRAQ 名称: 20030513 Re: CSS found in Movable Type -- Nope 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105284589927655&w=2 来源: XF 名称: movable-type-comment-xss(12003) 链接:http://xforce.iss.net/xforce/xfdb/12003 来源: BID 名称: 7560 链接:http://www.securityfocus.com/bid/7560

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多