9 lines
No EOL
746 B
Text
9 lines
No EOL
746 B
Text
source: http://www.securityfocus.com/bid/8956/info
|
|
|
|
It has been reported that Sympoll is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the 'vo' parameter. The problem may allow a remote attacker to execute HTML or script code in the browser of a user following a malicious link created by an attacker.
|
|
|
|
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
|
|
|
|
Sympoll version 1.5 is reported to be prone to this issue, however other versions may be affected as well.
|
|
|
|
http://www.example.com/index.php?vo="><script>alert(document.cookie);</script> |