9 lines
No EOL
633 B
Text
9 lines
No EOL
633 B
Text
source: http://www.securityfocus.com/bid/5025/info
|
|
|
|
Imatix Xitami is a webserver for Microsoft Windows operating systems.
|
|
|
|
It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages.
|
|
|
|
Xitami fails to check URLs for the presence of script commands when generating error pages returned from sample scripts that use Errors.gsl, allowing attacker supplied code to execute. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site.
|
|
|
|
http://www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com/error404 |