BugTraq
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv
May 26 2006 05:18AM
Steven M. Christey (coley mitre org)

Webmaster at destiney said:

> I pasted the following example XSS code into both form fields, and saw
> no evidence of XSS vulnerabilities:
>
> <DIV STYLE="background-image: url(javascript:alert('XSS'))">

According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV ta...

Copyright 2010, SecurityFocus