Pivot Multiple Cross Site Scripting And HTML Injection Vulnerabilities

Pivot Multiple Cross Site Scripting And HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.

The following examples are available:

Cross-site scripting:
http://www.example.com/pivot/pivot/index.php?menu="><script>alert(0)</script><br

HTML injection:
http://www.example.com/pivot/pivot/user.php?func=reg_user&w=my_weblog
-- Set username to <script>alert(0)</script>