메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16636

관리자 2017.11.09 04:00 조회 수 : 208

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636
번호 제목 글쓴이 날짜 조회 수
377 CVE-2017-6331 관리자 2017.11.09 181
376 CVE-2017-14100 관리자 2017.09.04 181
375 CVE-2017-11424 관리자 2017.08.27 181
374 CVE-2017-0020 관리자 2017.03.18 181
373 CVE-2017-0015 관리자 2017.03.18 181
372 CVE-2017-12112 관리자 2018.01.25 180
371 CVE-2017-14099 관리자 2017.09.04 180
370 CVE-2014-7860 관리자 2017.08.27 180
369 CVE-2017-13693 관리자 2017.08.27 180
368 CVE-2017-0117 관리자 2017.03.18 180
367 CVE-2017-0082 관리자 2017.03.18 180
366 CVE-2015-1142857 관리자 2018.01.25 179
365 CVE-2018-1044 관리자 2018.01.25 179
364 CVE-2017-12130 관리자 2018.01.25 179
363 CVE-2017-15111 관리자 2018.01.25 179
위로