Multiple cross-site scripting (XSS)... CVE-2007-4588 CNNVD-200708-451

4.3 AV AC AU C I A
发布: 2007-08-29
修订: 2018-10-15

InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2版本中存在多个跨站脚本攻击漏洞。(1) 远程攻击者可以借助对index.php的TH_INFO注入任意web脚本或HTML ; 远程验证用户可以借助对(2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, 或 (25) cluster.php的PATH_INFO,注入任意web脚本或HTML。

暂无可用Exp或PoC
当前有1条受影响产品信息