[Original text] Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Jadu CMS has been reported to contain a cross-site scripting issue in the register.php script. After extensive dialogue with the vendor, Jadu Ltd., it has been determined that the affected script is not part of the Jadu CMS distribution. The affected script was used on a handful of customer sites, but a site was not affected merely because it used Jadu CMS.
Currently, there are no known workarounds or upgrades to correct this issue. However, Jadu Ltd. has released a patch to address this vulnerability. The patch applies only to the limited number of customers who used a customized version of a register.php script.