9 lines
No EOL
484 B
Text
9 lines
No EOL
484 B
Text
source: https://www.securityfocus.com/bid/5676/info
|
|
|
|
phpGB is subject to HTML injection attacks.
|
|
|
|
phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.
|
|
|
|
Enter the following guestbookentry:
|
|
|
|
"delete me <script>alert(document.cookie)</script>" |