7 lines
No EOL
486 B
Text
7 lines
No EOL
486 B
Text
source: http://www.securityfocus.com/bid/5932/info
|
|
|
|
Authoria HR Suite is prone to cross-site scripting attacks.
|
|
|
|
An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site.
|
|
|
|
https://www.example.com/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('test!');a=[[' |