VULHUB ™

Grayscale BandSite CMS中存在多个跨站脚本攻击漏洞。远程攻击者可借助以下方式注入任意Web脚本或HTML， adminpanel/includes/helpfiles/help_mp3.php中的max_file_size_purdy参数，adminpanel/includes/mailinglist/sendemail.php中的message_text参数，includes/footer.php中的this_year参数和adminpanel/includes/helpfiles/help_news.php、adminpanel/includes/helpfiles/help_merch.php、adminpanel/includes/header.php和adminpanel/login_header.php中的the_band参数；以及包括bio_content.php、gbook_content.php、interview_content.php、links_content.php、lyrics_content.php、member_content.php、merch_content.php、mp3_content.php、news_content.php、pastshows_content.php、photo_content.php、releases_content.php、reviews_content.php、shows_content.php和signgbook_content.php的includes/content/文件。

Grayscale BandSite CMS中存在多个跨站脚本攻击漏洞。远程攻击者可借助以下方式注入任意Web脚本或HTML， adminpanel/includes/helpfiles/help_mp3.php中的max_file_size_purdy参数，adminpanel/includes/mailinglist/sendemail.php中的message_text参数，includes/footer.php中的this_year参数和adminpanel/includes/helpfiles/help_news.php、adminpanel/includes/helpfiles/help_merch.php、adminpanel/includes/header.php和adminpanel/login_header.php中的the_band参数；以及包括bio_content.php、gbook_content.php、interview_content.php、links_content.php、lyrics_content.php、member_content.php、merch_content.php、mp3_content.php、news_content.php、pastshows_content.php、photo_content.php、releases_content.php、reviews_content.php、shows_content.php和signgbook_content.php的includes/content/文件。