5 lines
No EOL
504 B
Text
5 lines
No EOL
504 B
Text
source: http://www.securityfocus.com/bid/9286/info
|
|
|
|
my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI parameters. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script.
|
|
|
|
http://www.example.com/forum/email.php?forum_contact="><script>alert(document.domain);</script> |