source: https://www.securityfocus.com/bid/5569/info
php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields.
An attacker may exploit this to have arbitrary HTML and script code execute in the web client of a user of a vulnerable website. The attacker-supplied code runs in the context of the vulnerable website.
<b style="expression(alert(document.cookie))">
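The proof-of-concept above slips past a filter that only blocks <script> because it rides on a harmless-looking <b> tag and puts the code in a style attribute. The mitigation is an allowlist that restricts both tags and attributes. The following is an added example, not php(Reactor) code; the set of permitted tags is an assumption.

```python
"""Allowlist sanitizer for user-supplied message/profile fields (added example)."""
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}  # assumption: minimal forum markup
ALLOWED_ATTRS = {}            # no attributes at all: this also kills style="expression(...)"
DROP_CONTENT = {"script", "style"}  # drop these elements together with their text


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # rebuilt, safe markup
        self.open = []      # stack of allowed tags currently open
        self.skip = None    # element whose text content is being discarded

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip = tag
            return
        if tag not in ALLOWED_TAGS or self.skip:
            return                                   # unknown tag: dropped entirely
        kept = [(k, escape(v or "", quote=True)) for k, v in attrs
                if k in ALLOWED_ATTRS.get(tag, set())]
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % kv for kv in kept)))
        if tag != "br":
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag == self.skip:
            self.skip = None
        elif tag in self.open:
            while self.open:                         # close anything left open inside it
                t = self.open.pop()
                self.out.append("</%s>" % t)
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=True))  # text is always entity-encoded

    def result(self):
        while self.open:                             # balance unclosed allowed tags
            self.out.append("</%s>" % self.open.pop())
        return "".join(self.out)


def sanitize(field):
    """Return field with only allowlisted tags, no attributes, and escaped text."""
    p = AllowlistSanitizer()
    p.feed(field)
    p.close()
    return p.result()
```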