source: http://www.securityfocus.com/bid/6570/info
FormMail-clone is allegedly prone to cross-site scripting attacks.
The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious link to the script which contains arbitrary script code. If this link is visited by a web user, the attacker-supplied script code may be interpreted by their browser in the context of the site hosting the software.
This vulnerability was originally reported in FormMail. Additional reports have indicated that the issue actually exists in FormMail-clone, an entirely different program that is designed to perform the same function as FormMail but contains none of the original code.
http://www.example.com/cgi-sys/FormMail.cgi?<script>alert("test");</script>
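
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to a FormMail-style script whose query string decodes to HTML markup. The log lines are constructed, and the combined log format, the script-name pattern and the function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (assumed combined log format), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2003:10:00:01 +0000] "GET /cgi-sys/FormMail.cgi?%3Cscript%3Ealert(%22test%22);%3C/script%3E HTTP/1.0" 200 512
192.0.2.11 - - [10/Jan/2003:10:00:05 +0000] "POST /cgi-sys/FormMail.cgi?recipient=webmaster%40example.com&subject=Hello+there HTTP/1.0" 200 230
192.0.2.12 - - [10/Jan/2003:10:00:09 +0000] "GET /cgi-sys/FormMail.cgi?%253CScRiPt%253Ealert(1)%253C/ScRiPt%253E HTTP/1.0" 200 512
192.0.2.13 - - [10/Jan/2003:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 1024
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed naming: FormMail.cgi, formmail.pl, FormMail-clone.cgi and similar.
SCRIPT_PATH = re.compile(r"/formmail[^/?]*\.(?:cgi|pl)$", re.I)
# Start of an HTML tag, closing tag, comment or declaration.
MARKUP = re.compile(r"</?[a-z!]", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %253Cscript%253E is seen as <script>."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (line_number, decoded_query) for FormMail requests carrying markup."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        if not SCRIPT_PATH.search(fully_decode(path)):
            continue
        decoded = fully_decode(query)
        if MARKUP.search(decoded):
            hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

The tag pattern is deliberately broad, so a legitimate form value such as `a<b` is also reported and needs manual review.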