CVE-2004-0271
CVSS 6.8
Published: 2004-11-23 00:00:00
Last modified: 2016-10-17 22:42:51

[Original] Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.


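[CNNVD] MaxWebPortal multiple input validation vulnerabilities (CNNVD-200411-120)

MaxWebPortal contains cross-site scripting (XSS) vulnerabilities. Remote attackers can execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter of Personal Messages, (3) the HTTP_REFERER parameter of down.asp, or (4) the image name of an Avatar in the registration form.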

- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:maxwebportal:maxwebportal:1.31
cpe:/a:maxwebportal:maxwebportal:1.30

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0271
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0271
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-120
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=107643014606515&w=2
(UNKNOWN)  BUGTRAQ  20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
http://www.securityfocus.com/bid/9625
(PATCH)  BID  9625
http://xforce.iss.net/xforce/xfdb/15120
(PATCH)  XF  maxwebportal-multiple-xss(15120)
http://xforce.iss.net/xforce/xfdb/15122
(PATCH)  XF  maxwebportal-register-xss(15122)

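- Vulnerability information

MaxWebPortal multiple input validation vulnerabilities
Medium risk  Cross-site scripting
2004-11-23 00:00:00 2007-01-02 00:00:00
Remote
MaxWebPortal contains cross-site scripting (XSS) vulnerabilities. Remote attackers can execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter of Personal Messages, (3) the HTTP_REFERER parameter of down.asp, or (4) the image name of an Avatar in the registration form.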

- Advisories and patches

        The vendor has released MaxWebPortal version 1.32 to address these issues. Users are advised to upgrade to the fixed version.

- Vulnerability information (23676)

MaxWebPortal 1.3x down.asp HTTP_REFERER XSS (EDBID:23676)
asp webapps
2004-02-10 Verified
0 Manuel Lopez
N/A
source: http://www.securityfocus.com/bid/9625/info

It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.

MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.

<a href="<% =Request.ServerVariables("HTTP_REFERER") %>">Back</font></a></p>		

- Vulnerability information (23677)

MaxWebPortal 1.3x Personal Message SendTo Parameter XSS (EDBID:23677)
asp webapps
2004-02-10 Verified
0 Manuel Lopez
N/A
source: http://www.securityfocus.com/bid/9625/info
 
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
 
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.

<select name="Avatar_URL" size="4" onChange ="if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;">
<option value="javascript:alert(document.cookie)">POC-Avatar</option></select>		

- Vulnerability information

15225
MaxWebPortal Personal Message SendTo Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Vendor Verified, Coordinated Disclosure

- Vulnerability description

MaxWebPortal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'SendTo' parameter upon submission to the 'Personal Message' function. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

- Timeline

2004-02-10 Unknown
2004-02-10 Unknown

- Solution

Upgrade to version 1.32 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MaxWebPortal Multiple Input Validation Vulnerabilities
Input Validation Error 9625
Yes No
2004-02-10 12:00:00 2009-07-12 02:06:00
Discovery of these issues is credited to Manuel Lopez <mantra@gulo.org>.

- Affected software versions

MaxWebPortal MaxWebPortal 1.31
MaxWebPortal MaxWebPortal 1.30
MaxWebPortal MaxWebPortal 1.32

- Unaffected software versions

MaxWebPortal MaxWebPortal 1.32

- Vulnerability discussion

It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.

MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.

- Exploit

No exploit is required.

The following proof of concept examples have been provided:
<a href="<% =Request.ServerVariables("HTTP_REFERER") %>">Back</font></a></p>

<select name="Avatar_URL" size="4" onChange ="if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;">
<option value="javascript:alert(document.cookie)">POC-Avatar</option></select>

- Solution

The vendor has released MaxWebPortal version 1.32 to address these issues. Users are advised to upgrade to the fixed version.

- Related references

 

 
