8 lines
No EOL
587 B
Text
8 lines
No EOL
587 B
Text
source: https://www.securityfocus.com/bid/9625/info
|
|
|
|
It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.
|
|
|
|
MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.
|
|
|
|
<select name="Avatar_URL" size="4" onChange ="if (CheckNav(3.0,4.0)) URL.src=form.Avatar_URL.options[form.Avatar_URL.options.selectedIndex].value;">
|
|
<option value="javascript:alert(document.cookie)">POC-Avatar</option></select> |