MaviPortal - 'Arama.asp' Cross-Site Scripting
| EKU-ID: 34421 | CVE: | OSVDB-ID: |
| Author: St@rExT | Published: 2006-12-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34421 | CVE: | OSVDB-ID: |
| Author: St@rExT | Published: 2006-12-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/21512/info MaviPortal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. http://www.example.com/[scriptoath]/arama.asp?a_r_a_n_a_c_a_k= [xss Code]