CVE-2010-4640— XWiki Watch 多个跨站脚本攻击漏洞

N/A

Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

N/A

N/A

XWiki Watch 多个跨站脚本攻击漏洞

XWiki Watch是XWiki实现的协作RSS阅读器。 XWiki Watch 1.0中存在多个跨站脚本攻击漏洞。远程攻击者可以借助向(1)bin/viewrev/Main/WebHome和(2)bin/view/Blog传递的rev参数，以及向bin/register/XWiki/Register传递的(3)register_first_name和(4)register_last_name参数注入任意web脚本或者HTML。

N/A

N/A