7 lines
No EOL
432 B
Text
Executable file
7 lines
No EOL
432 B
Text
Executable file
source: http://www.securityfocus.com/bid/7616/info
|
|
|
|
A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script.
|
|
|
|
This may allow for theft of cookie-based authentication credentials and other attacks.
|
|
|
|
http://www.example.com/index.php/article/articleview/<img%20src="javascript:alert(document.cookie)"> |