7 lines
No EOL
576 B
Text
7 lines
No EOL
576 B
Text
source: http://www.securityfocus.com/bid/8958/info
|
|
|
|
MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software.
|
|
|
|
An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks.
|
|
|
|
http://www.example.com/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E |