source: http://www.securityfocus.com/bid/8407/info
SurgeLDAP is prone to cross-site scripting attacks. Remote attackers may exploit this issue by enticing a user to visit a malicious link that includes hostile HTML and script code. This code may be rendered in the user's browser when the link is visited.
This issue exists in the web server component of SurgeLDAP.
http://www.example.com:6680/user.cgi?cmd=<script>alert('C.S.S')</script>&utoken=
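A detection check for the request pattern above, as an added example that is not part of the original advisory or of SurgeLDAP itself: it scans web access-log lines for user.cgi requests whose cmd parameter decodes to HTML or script markup. The log format, the sample lines, the benign cmd value and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Markup that has no place in a cmd value: tags, event handlers, javascript: URLs.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.I)
# Request field of a common/combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. when a front-end proxy logs the URL re-encoded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(log_line):
    """Return the decoded cmd value if a user.cgi request carries markup in cmd, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/user.cgi"):
        return None
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "cmd":
            value = decode_fully(value)
            if SUSPICIOUS.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_cmd) for every flagged line."""
    hits = ((n, flag_request(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in hits if value is not None]

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /user.cgi?cmd=login&utoken= HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /user.cgi?cmd=%3Cscript%3Ealert(%27C.S.S%27)%3C/script%3E&utoken= HTTP/1.0" 200 640',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /user.cgi?cmd=%253Cscript%253Ealert(%2527C.S.S%2527)%253C/script%253E&utoken= HTTP/1.0" 200 640',
]

if __name__ == "__main__":
    for line_number, cmd in scan(SAMPLE_LOG):
        print(f"line {line_number}: markup in cmd parameter: {cmd!r}")
```
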