7 lines
No EOL
535 B
Text
7 lines
No EOL
535 B
Text
source: http://www.securityfocus.com/bid/9488/info
|
|
|
|
IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in the web browser of a user who follows the malicious link.
|
|
|
|
Exploitation could permit theft of cookie-based authentication credentials or other attacks.
|
|
|
|
http://www.example.com/cgi-bin/db2www/<script>alert(document.domain)</script>/A |