发布时间 :2004-03-29 00:00:00
修订时间 :2017-07-10 21:31:25

[原文]Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.


        WebCT Campus Edition版本存在跨站脚本攻击(XSS)漏洞。远程攻击者借助CSS样式标签中的@import URL函数注入任意web脚本或HTML。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20040329 WebCT Campus Edition 4.1 - Cross site scripting using CSS @import
(UNKNOWN)  XF  webct-import-xss(15652)

- 漏洞信息

中危 跨站脚本
2004-03-29 00:00:00 2006-04-21 00:00:00
        WebCT Campus Edition版本存在跨站脚本攻击(XSS)漏洞。远程攻击者借助CSS样式标签中的@import URL函数注入任意web脚本或HTML。

- 公告与补丁

        The vendor has released WebCT CE 4.1 SP2 Hotfix 40832, WebCT CE 4.0 SP3 Hotfix 40833 and WebCT CE 3.8.4 Hotfix 8 to address this issue.
        WebCT WebCT Campus Edition 3.8
        WebCT WebCT Campus Edition 3.8.4
        WebCT WebCT Campus Edition 4.0
        WebCT WebCT Campus Edition 4.1
        WebCT WebCT Campus Edition 4.1.1 .5

- 漏洞信息 (23893)

WebCT Campus Edition 3.8/4.x HTML Injection Vulnerability (EDBID:23893)
multiple remote
2004-03-29 Verified
0 Simon Boulet
N/A [点击下载]

It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply malicious HTML or script code to the application via the @import url() function of Microsoft Internet Explorer when posting a message on a forum, which would then be rendered in the browser of an unsuspecting user whenever the malicious message is viewed.

WebCT Campus Edition version 4.1 is reported to be affected by this issue. 

<style type="text/css">
@import url(javascript:alert(document.cookie));


- 漏洞信息

WebCT Campus Edition @import URL Function XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

WebCT Campus Edition contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URL variables upon submission to the @import function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2004-03-28 2004-03-28
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, WebCT has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者