7 lines
No EOL
668 B
Text
7 lines
No EOL
668 B
Text
source: https://www.securityfocus.com/bid/9932/info
|
|
|
|
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
|
|
|
|
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.
|
|
|
|
In the register form: "><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]> |