메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16636

관리자 2017.11.09 04:00 조회 수 : 208

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636
번호 제목 글쓴이 날짜 조회 수
362 CVE-2017-14460 관리자 2018.01.25 179
361 CVE-2017-16647 관리자 2017.11.09 179
360 CVE-2017-9511 관리자 2017.08.27 179
359 CVE-2017-0127 관리자 2017.03.18 179
358 CVE-2017-0089 관리자 2017.03.18 179
357 CVE-2017-15091 관리자 2018.01.25 178
356 CVE-2018-5958 관리자 2018.01.25 178
355 CVE-2017-12119 관리자 2018.01.25 178
354 CVE-2017-13143 (imagemagick) 관리자 2017.08.27 178
353 CVE-2017-0134 관리자 2017.03.18 178
352 CVE-2016-3230 관리자 2016.06.17 178
351 CVE-2017-14099 관리자 2017.09.04 177
350 CVE-2017-0084 관리자 2017.03.18 177
349 CVE-2017-0074 관리자 2017.03.18 177
348 CVE-2017-6547 관리자 2017.03.10 177
위로