Form Sender 1.0 - 'Processform.php3?Failed' Cross-Site Scripting
| EKU-ID: 31345 | CVE: | OSVDB-ID: |
| Author: rgod | Published: 2005-07-19 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31345 | CVE: | OSVDB-ID: |
| Author: rgod | Published: 2005-07-19 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/14326/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. http://[target]/[path]/processform.php3?failed=<script>alert(document.cookie)</script>