66 matches found
ZendTo 'emailAddr' 脚本插入漏洞
CVECAN ID: CVE-2013-6808 ZendTo是基于Web的文件转换器。 ZendTo 4.11-12版本没有正确过滤pickup.php的 "emailAddr" 参数值,可导致插入任意HTML和脚本代码,被查看后,在受影响站点的用户浏览器上下文中执行这些代码。 0 ZendTo ZendTo = 4.11-12 厂商补丁: ZendTo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.zend.to/changelog.phpZendTo ZendTo = 4.11-12...
ZendTo "emailAddr" 脚本插入漏洞
CVECAN ID: CVE-2013-6808 ZendTo是基于Web的文件转换器。 ZendTo 4.11-12版本没有正确过滤pickup.php的 "emailAddr" 参数值,可导致插入任意HTML和脚本代码,被查看后,在受影响站点的用户浏览器上下文中执行这些代码。 0 ZendTo ZendTo = 4.11-12 厂商补丁: ZendTo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.zend.to/changelog.phpZendTo ZendTo = 4.11-12...
CVE-2013-6808
Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...
Cross site scripting
Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...
CVE-2013-6808
Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...
CVE-2013-6808
CVE-2013-6808 concerns a cross-site scripting (XSS) vulnerability in ZendTo’s web-based file converter. The issue stems from ZendTo (before version 4.11-13) not properly filtering the emailAddr parameter in pickup.php, allowing remote attackers to inject arbitrary HTML or script which executes in...