VULHUB ™

Jupiter CMS中存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可以通过(a) modules/blocks.php中的(1) language[Admin name]和(2) language[Admin back]参数；(b) modules/register.php中的(3) language[Register title]和(4) language[Register title2]参数；(c) modules/mass-email.php中的(5) language[Mass-Email form title]、(6) language[Mass-Email form desc]、(7) language[Mass-Email form desc2]、(8) language[Mass-Email form desc3]和(9) language[Mass-Email form desc4]参数；(d) modules/register.php中的(10) language[Forgotten title]、(11) language[Forgotten desc]、(12) language[Forgotten desc2]、(13) language[Forgotten desc3]、(14) language[Forgotten desc4]和(15) language[Forgotten desc5]参数；以及(e) modules/search.php中的(16) language[Search view desc]、(17) language[Search view desc2]、(18) language[Search view desc3]、(19) language[Search view desc4]、(20) language[Search view desc5]、(21) language[Search view desc6]、(22) language[Search view desc7]和(23) language[Search view desc8]参数注入任意Web脚本或HTML。

Jupiter CMS中存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可以通过(a) modules/blocks.php中的(1) language[Admin name]和(2) language[Admin back]参数；(b) modules/register.php中的(3) language[Register title]和(4) language[Register title2]参数；(c) modules/mass-email.php中的(5) language[Mass-Email form title]、(6) language[Mass-Email form desc]、(7) language[Mass-Email form desc2]、(8) language[Mass-Email form desc3]和(9) language[Mass-Email form desc4]参数；(d) modules/register.php中的(10) language[Forgotten title]、(11) language[Forgotten desc]、(12) language[Forgotten desc2]、(13) language[Forgotten desc3]、(14) language[Forgotten desc4]和(15) language[Forgotten desc5]参数；以及(e) modules/search.php中的(16) language[Search view desc]、(17) language[Search view desc2]、(18) language[Search view desc3]、(19) language[Search view desc4]、(20) language[Search view desc5]、(21) language[Search view desc6]、(22) language[Search view desc7]和(23) language[Search view desc8]参数注入任意Web脚本或HTML。