CVE-2013-10010: XSS vulnerability countermeasure (excluding password) · zerochplus/zerochplus@9ddf9ec
A vulnerability classified as problematic has been found in zerochplus. It affects the function PrintResList in the file test/mordor/thread.res.pl. Manipulation of the thread data that PrintResList prints leads to cross-site scripting, and the attack can be initiated remotely. The fix is commit 9ddf9ecca8565341d8d26a3b2f64540bde4fa273; applying that patch is recommended. The associated identifier of this vulnerability is VDB-218007.
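The patch on this page escapes each `<>`-separated field of a thread record before `PrintResList` prints it. The following Perl script is an added example, not zerochplus code: it renders a constructed record the vulnerable way and the hardened way, and shows why the `&` substitution has to come before the other four and why the split on `<>` has to happen before any escaping. The record layout (name<>mail<>date<>body), the sample record and the helper names (`escape_html`, `escape_wrong_order`, `render_raw`, `render_escaped`) are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example, not zerochplus code. Shows why the PrintResList fix splits the
# record on "<>" first and escapes "&" before the other four characters.
use strict;
use warnings;

# Constructed sample record; the field layout (name<>mail<>date<>body) is an
# assumption for this example. The body carries a script injection, an
# already-encoded entity and a trailing CRLF.
my $record = "name<>mail<>2013/01/01<>hi<script>alert(1)</script>&amp;done\x0d\x0a";

# Escape one field: strip CR/LF/NUL, then encode & " ' < >.
# "&" goes first so the "&" introduced by the later substitutions is not
# rewritten again (see escape_wrong_order below for the failure).
sub escape_html {
    my ($s) = @_;
    $s =~ s/[\x0d\x0a\0]//g;
    $s =~ s/&/&amp;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# Same idea with "<" handled before "&": "<" becomes "&lt;" and the next line
# turns that into "&amp;lt;", so the browser shows "&lt;" literally.
sub escape_wrong_order {
    my ($s) = @_;
    $s =~ s/</&lt;/g;
    $s =~ s/&/&amp;/g;
    return $s;
}

# Vulnerable rendering: fields are written into the HTML exactly as stored.
sub render_raw {
    my ($log) = @_;
    my @logs = split(/<>/, $log, -1);   # -1 keeps trailing empty fields
    return '<tr><td class="Response" valign=top>'
         . join('</td><td>', @logs) . "</td></tr>\n";
}

# Hardened rendering: split on the raw "<>" delimiter, then escape each field.
# Escaping before the split would turn the delimiter into "&lt;&gt;" and the
# record would no longer split at all.
sub render_escaped {
    my ($log) = @_;
    my @logs = split(/<>/, $log, -1);
    @logs = map { escape_html($_) } @logs;
    return '<tr><td class="Response" valign=top>'
         . join('</td><td>', @logs) . "</td></tr>\n";
}

print "vulnerable:  ", render_raw($record);
print "escaped:     ", render_escaped($record);
print "wrong order: ", escape_wrong_order('a<b&c'), "\n";
```

Run it with `perl` and compare the first two lines: the vulnerable row carries the `<script>` element into the page, the escaped row shows it as text. The third line demonstrates the double-escaping that the ampersand-first order in the patch avoids.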
@@ -257,6 +257,15 @@ sub PrintResList
$log = $Logger->Get($logsize - 1 + $i - $lastnum);
@logs = split(/<>/,$log,-1) if (defined $log);
foreach (0 … $#logs) {
$logs[$_] =~ s/[\x0d\x0a\0]//g;
$logs[$_] =~ s/&/&/g;
$logs[$_] =~ s/"/"/g;
$logs[$_] =~ s/’/’/g;
$logs[$_] =~ s/</</g;
$logs[$_] =~ s/>/>/g;
}
$Page->Print(“<tr><td class=\"Response\” valign=top>");
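Review bot: as rendered here, the five substitutions in the new loop (`s/&/&/g` through `s/>/>/g`) replace each character with itself, which would make the escaping a no-op; confirm that the committed source uses the HTML entities (`&amp;`, `&quot;`, `&#39;`, `&lt;`, `&gt;`) and that the `&` substitution stays first so the `&` emitted by the other four is not escaped a second time. The loop escapes every field obtained from `split(/<>/,$log,-1)`, so a field that was previously printed as markup will now appear literally; if that is intended, a short comment above the loop saying so would help the next reader. Minor: `@logs` is only reassigned when `$log` is defined, so an undefined entry leaves the previous iteration's fields in `@logs`; an explicit `@logs = ();` before the `if` would avoid reprinting stale data.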