BugTraq
Webmails + Internet Explorer can create unwanted javascript execution Oct 02 2003 09:39PM
Jedi/Sector One (j pureftpd org) (2 replies)
Divine OpenMarket Content Server XSS Oct 03 2003 09:47PM
Valgasu (valgasu rstack org)
Content Server is a web content management from Divine (www.divine.com)
A Cross Site Scripting in this product allows injection of hostile HTML/script
into the error page.

Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=alert(document.cookie);>

Workaround :
Catch error and display a standard error page without echo of the file name.

Valgasu
http://valgasu.rstack.org
http://www.rstack.org
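
Added example, not part of the original post and not Content Server code: a small Python model of an error page that echoes the requested page name, next to the workaround described above (a fixed page with the detail kept in the server log). The function names, the page markup and the reference-id scheme are assumptions; the HTML-encoded variant goes one step beyond the post, for sites that must display the name.

```python
import html
import logging
import uuid

log = logging.getLogger("errorpage")

# Constructed input: the pagename value from the example URL, URL-decoded.
PAYLOAD = "<body onload=alert(document.cookie);>"

PAGE = "<html><body><h1>Error</h1><p>{msg}</p></body></html>"


def error_page_vulnerable(pagename: str) -> str:
    """Behaviour the post describes: the requested name is echoed verbatim."""
    return PAGE.format(msg="Page not found: " + pagename)


def error_page_standard(pagename: str) -> str:
    """Workaround from the post: a standard page with no echo of the name."""
    ref = uuid.uuid4().hex[:8]  # hypothetical reference id for support staff
    # The detail goes to the server log only; %r keeps embedded newlines
    # from forging extra log lines, and the slice bounds the entry size.
    log.warning("unknown pagename ref=%s value=%r", ref, pagename[:200])
    return PAGE.format(msg="The requested page is unavailable. Reference: " + ref)


def error_page_escaped(pagename: str) -> str:
    """Variant for when the name must be shown: HTML-encode before output."""
    return PAGE.format(msg="Page not found: " + html.escape(pagename, quote=True))


def reflects_markup(body: str, value: str) -> bool:
    """Regression check: does the response contain the raw request value?"""
    return value in body


if __name__ == "__main__":
    for render in (error_page_vulnerable, error_page_standard, error_page_escaped):
        print(render.__name__, "reflects raw input:",
              reflects_markup(render(PAYLOAD), PAYLOAD))
```

The reflects_markup check can be kept as a regression test against every error path that receives request parameters.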

RE: Webmails + Internet Explorer can create unwanted javascript execution Oct 03 2003 05:19PM
Drew Copley (dcopley eeye com)
Copyright 2010, SecurityFocus