[原文]Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.
@1 Table Publisher tablepublisher.cgi Title of Table Field XSS
Remote / Network Access
Loss of Integrity
@1 Table Publisher contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Title of Table field upon submission to the tablepublisher.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Customers can add in the "@1 Script Secure code" to help secure the code