Content Server is a web content management product from Divine (www.divine.com).
A cross-site scripting vulnerability in this product allows injection of
hostile HTML/script into the error page.
Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>
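
Added example (not part of the original advisory and not Content Server code): a small Python model of an error page that echoes the pagename parameter, first as-is and then HTML-encoded at output, with a check for verbatim reflection. The error template and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, unquote_plus

# Request from the advisory, joined onto one line.
ADVISORY_URL = ("http://www.mouffleton.com/servlet/ContentServer"
                "?pagename=<body%20onload=alert(document.cookie);>")

# Constructed error page; the real product's markup is not shown in the advisory.
ERROR_TEMPLATE = ("<html><body><h1>Error</h1>"
                  "<p>Page not found: {name}</p></body></html>")


def pagename_from(url):
    """Return the URL-decoded pagename parameter, as the server would see it."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "pagename":
            return unquote_plus(value)
    return ""


def render_error_unsafe(name):
    # Model of the flaw: the request value is placed into the markup unchanged.
    return ERROR_TEMPLATE.format(name=name)


def render_error_encoded(name):
    # Encode at the point of output; quote=True also covers attribute contexts.
    return ERROR_TEMPLATE.format(name=html.escape(name, quote=True))


def reflected_verbatim(body, value):
    """True if a value carrying HTML metacharacters comes back unencoded."""
    return any(c in value for c in "<>\"'&") and value in body


if __name__ == "__main__":
    value = pagename_from(ADVISORY_URL)
    for render in (render_error_unsafe, render_error_encoded):
        body = render(value)
        print(render.__name__, "reflected:", reflected_verbatim(body, value))
        print("  ", body)
```

The same reflected_verbatim check can be run against a captured response body as a regression test once the error page has been changed.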
Workaround :
Catch ...