HispaH Youtube Clone 'load_message.php' Cross-Site Scripting Vulnerability

HispaH Youtube Clone 'load_message.php' Cross-Site Scripting Vulnerability

An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following proof-of-concept URI is available:

http://www.example.com/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]