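Vulnerability Details

Slashcode Slash userfield Parameter Cross-Site Scripting Vulnerability

  • CNNVD ID: CNNVD-200806-096
  • Severity: Medium
  • CVE ID: CVE-2008-2553
  • Vulnerability type: Cross-site scripting
  • Published: 2008-06-05
  • Threat type: Remote
  • Updated: 2009-02-10
  • Vendor: slashcode.com
  • Source: blackybr discovere...

Vulnerability Summary

Slashdot Like Automated Storytelling Homepage (Slash), also known as Slashcode, R_2_5_0_94 and earlier versions contain a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via the userfield parameter.

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links: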

Debian Linux 4.0 amd64

Debian slash_2.2.6-8etch1_amd64.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_amd64.deb

Debian Linux 4.0 ia-32

Debian slash_2.2.6-8etch1_i386.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_i386.deb

Debian Linux 4.0 arm

Debian slash_2.2.6-8etch1_arm.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_arm.deb

Debian Linux 4.0 hppa

Debian slash_2.2.6-8etch1_hppa.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_hppa.deb

Debian Linux 4.0 sparc

Debian slash_2.2.6-8etch1_sparc.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_sparc.deb

Debian Linux 4.0 s/390

Debian slash_2.2.6-8etch1_s390.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_s390.deb

Debian Linux 4.0 powerpc

Debian slash_2.2.6-8etch1_powerpc.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_powerpc.deb

Debian Linux 4.0 alpha

Debian slash_2.2.6-8etch1_alpha.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_alpha.deb

Debian Linux 4.0 mipsel

Debian slash_2.2.6-8etch1_mipsel.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mipsel.deb

Debian Linux 4.0 ia-64

Debian slash_2.2.6-8etch1_ia64.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_ia64.deb

Debian Linux 4.0 mips

Debian slash_2.2.6-8etch1_mips.deb

http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mips.deb

Slashcode Slashcode 1.0.8

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.0

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode 2.1

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.1.1

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.1

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.2

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.3

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.4

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.5

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

Slashcode Slashcode 2.2.6

Slashcode Environment.pm Revision 1.225

http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225&view=patch

References

Source: XF

Name: slash-userfield-xss(42882)

Link: http://xforce.iss.net/xforce/xfdb/42882

Source: www.slashcode.com

Link: http://www.slashcode.com/article.pl?sid=08/01/07/2314232

Source: www.slashcode.com

Link: http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4

Source: SECTRACK

Name: 1020207

Link: http://www.securitytracker.com/id?1020207

Source: BID

Name: 29548

Link: http://www.securityfocus.com/bid/29548

Source: DEBIAN

Name: DSA-1633

Link: http://www.debian.org/security/2008/dsa-1633

Source: slashcode.cvs.sourceforge.net

Link: http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225

Source: SECUNIA

Name: 31691

Link: http://secunia.com/advisories/31691

Source: SECUNIA

Name: 30551

Link: http://secunia.com/advisories/30551

Patch

    None available
