Lucene search
K

66 matches found

seebug.org
seebug.org
added 2014/01/02 12:0 a.m.30 views

ZendTo 'emailAddr' 脚本插入漏洞

CVECAN ID: CVE-2013-6808 ZendTo是基于Web的文件转换器。 ZendTo 4.11-12版本没有正确过滤pickup.php的 "emailAddr" 参数值,可导致插入任意HTML和脚本代码,被查看后,在受影响站点的用户浏览器上下文中执行这些代码。 0 ZendTo ZendTo = 4.11-12 厂商补丁: ZendTo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.zend.to/changelog.phpZendTo ZendTo = 4.11-12...

4.3CVSS6.5AI score0.01464EPSS
Exploits3
seebug.org
seebug.org
added 2014/01/02 12:0 a.m.18 views

ZendTo "emailAddr" 脚本插入漏洞

CVECAN ID: CVE-2013-6808 ZendTo是基于Web的文件转换器。 ZendTo 4.11-12版本没有正确过滤pickup.php的 "emailAddr" 参数值,可导致插入任意HTML和脚本代码,被查看后,在受影响站点的用户浏览器上下文中执行这些代码。 0 ZendTo ZendTo = 4.11-12 厂商补丁: ZendTo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.zend.to/changelog.phpZendTo ZendTo = 4.11-12...

4.3CVSS6.5AI score0.01464EPSS
Exploits3
NVD
NVD
added 2013/12/28 4:53 a.m.11 views

CVE-2013-6808

Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...

4.3CVSS5.6AI score0.01464EPSS
Exploits3References2
Prion
Prion
added 2013/12/28 4:53 a.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...

4.3CVSS6.1AI score0.01464EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2013/12/28 2:0 a.m.35 views

CVE-2013-6808

Cross-site scripting XSS vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php...

5.6AI score0.01464EPSS
Exploits3References2
CVE
CVE
added 2013/12/28 2:0 a.m.41 views

CVE-2013-6808

CVE-2013-6808 concerns a cross-site scripting (XSS) vulnerability in ZendTo’s web-based file converter. The issue stems from ZendTo (before version 4.11-13) not properly filtering the emailAddr parameter in pickup.php, allowing remote attackers to inject arbitrary HTML or script which executes in...

4.3CVSS5.8AI score0.01464EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder