3 matches found
CVE-2010-1655
CVE-2010-1655 affects PowerEasy 2006 and PowerEasy SiteWeaver 6.8 via a cross-site scripting flaw in User/User_ChkLogin.asp, exploitable through the ComeUrl parameter to inject arbitrary script/HTML. The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with network attack vector, requiring use...
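PowerEasy (动易) SiteWeaver "ComeUrl" Cross-Site Scripting Vulnerability
A vulnerability in PowerEasy SiteWeaver can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "ComeUrl" parameter in User/UserChkLogin.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an affected user's browser session. The vulnerability is reported in version 6.8. Other versions may also be affected. PowerEasy SiteWeaver 6.x SEBUG temporary workaround: filter the "ComeUrl" parameter in User/UserChkLogin.asp. See the vendor patch: http://www.powereasy.net/...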
An XSS in User_ChkLogin.asp of PowerEasy 2006
PowerEasy is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...