Centrinity FirstClass HTTP Server TargetName Parameter Cross-Site Scripting Vulnerability

No exploit is required.

The following proof of concept has been provided:
http://www.example.com/.Templates/Commands/Upload.shtml?TargetName=<script>alert('XSS')</script>


 

Privacy Statement
Copyright 2010, SecurityFocus