Blojsom Cross-Site Scripting Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept information is available:

To demonstrate the vulnerability, simply embed the following encoded text into the identified vulnerable fields.

'><script>alert(1234)</script>

This will have the effect of popping up an alert window. This proof of concept could easily be altered to cause the script to return authentication credentials to an attacker-controlled server.
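The following is an added example, not part of the original advisory or Blojsom's own code. It shows why the proof-of-concept string above escapes a single-quoted attribute when a field value is written into markup unencoded, and how HTML-encoding the value keeps it inert. The template and the field name "author" are hypothetical, since the advisory does not name the affected fields.

```javascript
// Added example: the page's payload rendered into a single-quoted attribute,
// raw versus HTML-encoded. The field name "author" is hypothetical.
const PAYLOAD = "'><script>alert(1234)</script>"; // proof-of-concept string from the page

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: user input concatenated into markup unchanged.
function renderRaw(value) {
  return "<input type='text' name='author' value='" + value + "'>";
}

// Hardened pattern: same template, value encoded for the HTML context.
function renderEncoded(value) {
  return "<input type='text' name='author' value='" + escapeHtml(value) + "'>";
}

// Simplified tag scanner (not a full HTML parser): returns the names of the
// opening tags a browser would see, skipping over quoted attribute values.
function openingTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== "<" || !/[a-zA-Z]/.test(html[i + 1] || "")) { i++; continue; }
    let j = i + 1;
    while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
    tags.push(html.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < html.length; j++) {
      const ch = html[j];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") quote = ch;
      else if (ch === ">") break;
    }
    i = j + 1;
  }
  return tags;
}

// Compare what the browser would parse in each case.
function demo() {
  return { raw: openingTags(renderRaw(PAYLOAD)), encoded: openingTags(renderEncoded(PAYLOAD)) };
}
console.log(demo());
```

In the raw rendering the leading quote closes the attribute and the scanner reports a separate script element; in the encoded rendering the whole string stays inside the attribute value and only the input element is seen.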


 

Copyright 2010, SecurityFocus