MaxWebPortal Multiple Input Validation Vulnerabilities

No exploit is required.

The following proof of concept examples have been provided:
<a href="<% =Request.ServerVariables("HTTP_REFERER") %>">Back</font></a></p>

<select name="Avatar_URL" size="4" onChange ="if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;">
<option value="javascript:alert(document.cookie)">POC-Avatar</option></select>


 

Privacy Statement
Copyright 2010, SecurityFocus