9 lines
No EOL
727 B
Text
9 lines
No EOL
727 B
Text
source: http://www.securityfocus.com/bid/14392/info
|
|
|
|
PNG Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages.
|
|
|
|
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. The attacker would need to entice the unsuspecting user to follow a malicious link containing script code embedded in the affected parameter. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
|
|
|
|
PNG Counter 1.0 is vulnerable to this issue.
|
|
|
|
http://www.example.com/path/demo.php?digit=">XSS |