CVE-2021-47920— WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters

WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WebMO Job Manager 跨站脚本漏洞

WebMO Job Manager是WebMO公司的一个化学计算软件核心控制面板。 WebMO Job Manager 20.0版本存在跨站脚本漏洞，该漏洞源于search参数存在跨站脚本漏洞，可能导致会话劫持和外部重定向。

N/A

N/A