CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

CVE•added 2010/04/30 5:0 p.m.•48 views

CVE-2010-1655

CVE-2010-1655 affects PowerEasy 2006 and PowerEasy SiteWeaver 6.8 via a cross-site scripting flaw in User/User_ChkLogin.asp, exploitable through the ComeUrl parameter to inject arbitrary script/HTML. The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with network attack vector, requiring use...

4.3CVSS5.9AI score0.00285EPSS

Exploits1References4Affected Software1

seebug.org•added 2010/04/28 12:0 a.m.•44 views

动易(PowerEasy) SiteWeaver "ComeUrl" Cross-Site Scripting Vulnerability

动易SiteWeaver，它可以被恶意的人利用来进行跨站点脚本攻击漏洞。输入传递到"ComeUrl"在User/UserChkLogin.asp中没有正确地处理返回给用户参数。这可以被用来执行在用户在受影响的浏览器会话中任意HTML和脚本代码。这个安全漏洞在版本6.8报告。其它版本也可能受到影响。 PowerEasy SiteWeaver 6.x SEBUG临时解决办法对User/UserChkLogin.asp,"ComeUrl"进行过滤处理参考官方补丁 http://www.powereasy.net/...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by