메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16636

관리자 2017.11.09 04:00 조회 수 : 5

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636
번호 제목 글쓴이 날짜 조회 수
377 CVE-2017-12971 (apache2triad) 관리자 2017.08.27 2
376 CVE-2017-11357 관리자 2017.08.27 2
375 CVE-2017-12847 관리자 2017.08.27 2
374 CVE-2017-13649 관리자 2017.08.27 2
373 CVE-2017-0805 (android) 관리자 2017.08.27 2
372 CVE-2017-13666 관리자 2017.08.27 2
371 CVE-2017-13658 (imagemagick) 관리자 2017.08.27 2
370 CVE-2017-12137 관리자 2017.08.27 2
369 CVE-2017-12134 관리자 2017.08.27 2
368 CVE-2017-12136 관리자 2017.08.27 2
367 CVE-2017-11424 관리자 2017.08.27 2
366 CVE-2017-9512 관리자 2017.08.27 2
365 CVE-2017-12679 관리자 2017.08.27 2
364 CVE-2017-12074 관리자 2017.08.27 2
363 CVE-2017-9555 관리자 2017.08.27 2
위로