[原文]Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
web content management validsession.php strRootpath Parameter XSS
Remote / Network Access
Loss of Integrity
web content management contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'strRootpath' parameter upon submission to the validsession.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.