9 lines
No EOL
640 B
Text
9 lines
No EOL
640 B
Text
source: http://www.securityfocus.com/bid/6035/info
|
|
|
|
MyMarket is prone to cross-site scripting attacks.
|
|
|
|
HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable software which contains malicious attacker-supplied HTML and script code.
|
|
|
|
When this link is visited, the attacker-supplied code will execute in the user's web client in the security context of the site hosting the software.
|
|
|
|
http://www.example.com/templates/form_header.php?noticemsg=<Script>javascript:alert(document.cookie)</Script> |