source: https://www.securityfocus.com/bid/8972/info
It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of user-supplied data through the 'listings' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user who follows a malicious link created by the attacker.
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
OpenAutoClassifieds version 1.0 is reported to be prone to this issue; however, other versions may be affected as well.
http://www.example.com/openautoclassifieds/friendmail.php?listing=<script>alert(document.domain);</script>
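A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web-server access log lines for friendmail.php requests whose listing value decodes to HTML markup, including double-encoded values. The combined log format, the sample log lines and all function names are assumptions; both 'listing' (sample URL) and 'listings' (advisory text) are checked.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# The advisory text says 'listings', its sample URL uses 'listing': check both.
PARAMS = {"listing", "listings"}
SCRIPT = "friendmail.php"
MARKUP = re.compile(r"[<>\"']")  # characters that break out of HTML text/attributes

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (e.g. %253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return [(name, decoded_value)] for flagged parameters in one request."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if name.lower() in PARAMS and MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan_access_log(lines):
    """Yield (client_ip, name, value) from combined-format access log lines."""
    request = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    for line in lines:
        m = request.match(line)
        if m:
            for name, value in suspicious_params(m.group(2)):
                yield m.group(1), name, value

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2003:10:00:00 +0000] "GET /openautoclassifieds/friendmail.php?listing=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Nov/2003:10:00:05 +0000] "GET /openautoclassifieds/friendmail.php?listing=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Nov/2003:10:00:09 +0000] "GET /openautoclassifieds/friendmail.php?listing=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Nov/2003:10:00:12 +0000] "GET /openautoclassifieds/index.php?listing=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A hit only shows that markup was sent in the parameter; whether it was reflected unescaped depends on the deployed version of the script.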