Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-03-31T17:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-03-31T00:00:00
Link: CVE-2008-1556
JSON object: View
NVD Information
Status : Modified
Published: 2008-03-31T17:44:00.000
Modified: 2018-10-11T20:35:30.833
Link: CVE-2008-1556
JSON object: View
Redhat Information
No data.
CWE