• info
• discussion
• exploit
• solution
• references

SlashCode Cross Site Scripting Vulnerability

SlashCode is a bulletin board, discussion and portal framework. It is widely used, and is behind the popular Slashdot page.

A cross site scripting vulnerability exists in specific versions of SlashCode. By constructing a URL to a vulnerable site, an attacker may insert script commands into the displayed page. If a user of the SlashCode system follows such a link, the script will execute in the context of the SlashCode page. This may lead to the compromise of that user's SlashCode account, through the theft of cookie data.