My Little Forum 1.3 - 'email.php' Cross-Site Scripting
| EKU-ID: 28916 | CVE: | OSVDB-ID: |
| Author: David S. Ferreira | Published: 2003-12-23 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28916 | CVE: | OSVDB-ID: |
| Author: David S. Ferreira | Published: 2003-12-23 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI parameters. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script. http://www.example.com/forum/email.php?forum_contact="><script>alert(document.domain);</script>