Key information

Vulnerability type: Cross-Site Scripting (XSS)
Affected file:
Affected versions:
- Version 2.0 is vulnerable through the and parameters.
- Version 2.0.1 partially fixes the parameter but remains vulnerable through the parameter.
- Version 2.0.4 is not vulnerable.
Risk level: Low
CVE ID: CVE-2007-5105, CVE-2007-5106
CWE ID: CWE-79
Published: 2007.09.27
Vulnerability description:
- There are two vanilla XSS vulnerabilities on . Only early versions of the 2.0 branch are affected.
- User registration is disabled by default. Only sites with user registration enabled are affected.
- is sanitized but is not and eventually gets printed without further filtering.
Vendor contact: Contacted the vendor, but got no response.
Proof of concept (PoC):
Cookie theft PoC:
Script injection from a third-party site: