- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21961
- Проверка EDB
-
- Пройдено
- Автор
- QBER66
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2002-2362
- Дата публикации
- 2002-10-23
Код:
source: https://www.securityfocus.com/bid/6035/info
MyMarket is prone to cross-site scripting attacks.
HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable software which contains malicious attacker-supplied HTML and script code.
When this link is visited, the attacker-supplied code will execute in the user's web client in the security context of the site hosting the software.
http://www.example.com/templates/form_header.php?noticemsg=<Script>javascript:alert(document.cookie)</Script>- Источник
- www.exploit-db.com
