• info
• discussion
• exploit
• solution
• references

Parallels H-Sphere 'login.php' Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/webshell4/login.php?err=[XSS]
http://www.example.com/webshell4/login.php?login=[XSS]