毕竟西湖六月中,风光不与四时同。
接天莲叶无穷碧,映日荷花别样红。
CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Risk Level: Medium
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
http://whitehatpost.blog.163.com/blog/static/24223205420151109249850
评论