SpringSource (Multiple Products) – Multiple HTML Injection Vulnerabilities

Exploit Database
16 阅读

作者： Aaron Kulick

日期： 2010-03-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33794/

source: https://www.securityfocus.com/bid/38913/info

Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

The following are vulnerable:

Hyperic HQ 4.0 prior to 4.0.3.2
Hyperic HQ 4.1 prior to 4.1.2.1
Hyper HQ Open Source
Hyperic HQ 4.2 pre-release
tc Server 6.0.20.B and prior
AMS 2.0 prior to 2.0.0.SR4 

Paste the following code into the description field:
<SCRIPT>alert("XSS Vulnerable")</SCRIPT>

last Exploits
SpringSource (Multiple Products) – Multiple HTML Injection Vulnerabilities的更多信息

Deluge Web UI 1.3.13 – Cross-Site Request Forgery：
MyBB Threads to Link Plugin 1.3 – Cross-Site Scripting：
Joomla! Component com_commedia – ‘task’ SQL Injection：
Apache Airflow 1.10.10 – ‘Example Dag’ Remote Code Execution：
Digital Attic Foundation CMS – ‘id’ SQL Injection：
Joomla! Component com_science – SQL Injection：
EZPX Photoblog 1.2 Beta – Remote File Inclusion：
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities：