13 lines
No EOL
581 B
Text
13 lines
No EOL
581 B
Text
source: http://www.securityfocus.com/bid/47702/info
|
|
|
|
Multiple GoT.MY products are prone to a cross-site scripting vulnerability.
|
|
|
|
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials; other attacks are possible.
|
|
|
|
The following are vulnerable:
|
|
Classified ADs 2.9.1
|
|
Classmates 1.1.1
|
|
Deal Informer 4.8.0
|
|
|
|
http://www.example.com/themes/default/header.inc.php?theme_dir=%22%3E%3Cscript%3E
|
|
alert%28document.cookie%29;%3C/script%3E |