9 lines
No EOL
485 B
Text
9 lines
No EOL
485 B
Text
source: http://www.securityfocus.com/bid/7434/info
|
|
|
|
A HTML injection vulnerability has been discovered in Xoops. The problem occurs due to insufficient filtering of HTML and script code by the MyTextSanitizer script.
|
|
|
|
Successful exploitation of this vulnerability may allow a malicious Xoops user to execute arbitrary HTML or script code within the browser of a legitimate user.
|
|
|
|
java script:alert%28document.cookie%29
|
|
|
|
The script code must be embedded within HTML <img> tags. |