BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Divine OpenMarket Content Server XSS Oct 03 2003 09:47PM
Valgasu (valgasu rstack org)
Content Server is a web content management from Divine (www.divine.com)
A Cross Site Scripting in this product allows injection of hostile
HTML/script
into the error page.

Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=
alert(document.cookie);>

Workaround :
Catch ...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus