9 lines
No EOL
669 B
Text
9 lines
No EOL
669 B
Text
source: http://www.securityfocus.com/bid/9516/info
|
|
|
|
BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.
|
|
|
|
Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.
|
|
|
|
This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected.
|
|
|
|
http://www.example.com/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script> |