7 lines
No EOL
608 B
Text
7 lines
No EOL
608 B
Text
source: http://www.securityfocus.com/bid/9575/info
|
|
|
|
The rxgoogle.cgi search script is prone to a cross-site scripting vulnerability because the software fails to sanitize user input and allows various metacharacters that may facilitate cross-site scripting attacks.
|
|
|
|
An attacker may leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
|
|
|
http://www.example.com/cgi-bin/rxgoogle.cgi?query=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E |