7 lines
No EOL
699 B
Text
7 lines
No EOL
699 B
Text
source: http://www.securityfocus.com/bid/7981/info
|
|
|
|
Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplied data that is passed as the query to the affected module.
|
|
|
|
An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied code passed as the keywords URI parameter may execute within the context of the site hosting the vulnerable software when the malicious link is visited.
|
|
|
|
http://www.example.com/Path_To_pMachine/search/index.php?weblog=name_of_weblog&keywords=<script code> |