source: https://www.securityfocus.com/bid/18348/info

Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning it to the user.

An attacker could exploit these vulnerabilities to inject hostile HTML and script code into the browser session of other users of the application.

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=[XSS]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=[XSS]
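
One way to handle the two date parameters named in the URLs above, shown as an added example that is not Open Business Management's own code: validate each value against a strict date format, then HTML-encode it when it is written back into the page. The function names and the YYYY-MM-DD format are assumptions made for illustration.

```php
<?php
// Added example, not OBM source code. Function names and the YYYY-MM-DD
// date format are assumptions made for illustration.

/** Return the value only if it is a real calendar date, else ''. */
function clean_date_param(array $query, string $name): string
{
    $raw = $query[$name] ?? '';
    if (!is_string($raw)) {            // rejects array-valued parameters
        return '';
    }
    if (!preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $raw, $m)) {
        return '';
    }
    // checkdate() takes month, day, year and rejects dates like 2006-02-31.
    return checkdate((int)$m[2], (int)$m[3], (int)$m[1]) ? $raw : '';
}

/** Encode for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the two date inputs of the search form from request data. */
function render_date_fields(array $query): string
{
    $html = '';
    foreach (['tf_dateafter', 'tf_datebefore'] as $name) {
        $value = clean_date_param($query, $name);
        $html .= sprintf(
            '<input type="text" name="%s" value="%s">' . "\n",
            h($name),
            h($value)   // encoded even though it has already been validated
        );
    }
    return $html;
}

// Constructed sample input: one valid date, one value carrying markup.
$sample = [
    'tf_dateafter'  => '2006-06-08',
    'tf_datebefore' => '"><b>not a date</b>',
];
echo render_date_fields($sample);
```

Free-text parameters such as `tf_name` cannot be reduced to a fixed format, so for those the output encoding in `h()` is the control that matters.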