中文描述:

Leadhound Full and LITE 2.1以及可能存在漏洞的网络版本"完整版"，存在多个跨站脚本漏洞。这使得远程攻击者可以借助于 (1) agent_affil.pl、(2) agent_help.pl、(3) agent_faq.pl、(4) agent_help_insert.pl、(5) sign_out.pl、(6) members.pl、(7) modify_agent_1.pl、(8) modify_agent_2.pl、(9) modify_agent.pl、(10) agent_links.pl、(11) agent_stats_pending_leads.pl、(12) agent_logoff.pl、(13) agent_rev_det.pl、(14) agent_subaffiliates.pl、(15) agent_stats_pending_leads.pl、(16) agent_transactions.pl、(17) agent_payment_history.pl、(18) agent_summary.pl、(19) agent_camp_all.pl、(20) agent_camp_new.pl、(21) agent_camp_notsub.pl、(22) agent_campaign.pl、(23) agent_camp_expired.pl、(24) agent_stats_det.pl、(25) agent_stats.pl、(26) agent_camp_det.pl、(27) agent_camp_sub.pl、 (28) agent_affil_list.pl和(29) agent_affil_code.pl中的login参数， (30) agent_faq.pl、(31) agent_help_insert.pl、(32) members.pl、 (33) modify_agent_1.pl、(34) modify_agent_2.pl、 (35) modify_agent.pl、(36) agent_links.pl、(37) agent_subaffiliates.pl、(38) agent_stats_pending_leads.pl、(39) agent_transactions.pl、(40) agent_summary.pl、(41) agent_camp_all.pl、(42) agent_camp_new.pl、(43) agent_camp_notsub.pl、(44) agent_campaign.pl、(45) agent_camp_expired.pl、(46) agent_stats.pl、 (47) agent_camp_det.pl、(48) agent_camp_sub.pl、(49) agent_affil_list.pl和 (50) agent_affil_code.pl中的logged参数， (51) agent_links.pl、(52) agent_subaffiliates.pl和(53) agent_camp_det.pl中的camp_id参数，(54)agent_links.pl中的banner参数， (55) agent_links.pl、(56) agent_subaffiliates.pl、(57) agent_transactions.pl和(58) agent_summary.pl中的offset参数，(59) agent_subaffiliates.pl、(60) agent_transactions.pl和(61) agent_summary.pl中的date参数，(62) agent_rev_det.pl和(63) agent_stats_det.pl中的dates参数，(64)agent_camp_det.pl中的page参数， (65) agent_commission_statement.pl中的agent_id参数，以及 (66) lost_pwd.pl中的lost password字段注入任意web脚本或HTML 。

英文描述:

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

CWE类型:

标签:

中文解决方案:

英文解决方案:

临时解决方案: